deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-08 13:43:40 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jdsb

Browse Source
This commit is contained in:
Jeanie Decker
2018-11-07 05:53:06 -08:00
parent 324b7994ef 6688e725e6
commit ebda0f50ea
329 changed files with 629 additions and 707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
browsers/edge/about-microsoft-edge.md
View File

@ -5,6 +5,7 @@ ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
author: shortpatti
ms.prod: edge
ms.mktglfcycl: general
ms.topic: reference
ms.sitesec: library
title: Microsoft Edge for IT Pros
ms.localizationpriority: medium

1
browsers/edge/available-policies.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
manager: dougkim
ms.prod: edge
ms.mktglfcycl: explore
ms.topic: reference
ms.sitesec: library
title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium

1
browsers/edge/change-history-for-microsoft-edge.md
View File

@ -2,6 +2,7 @@
title: Change history for Microsoft Edge (Microsoft Edge for IT Pros)
description: Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile.
ms.prod: edge
ms.topic: reference
ms.mktglfcycl: explore
ms.sitesec: library
ms.localizationpriority: medium

1
browsers/edge/emie-to-improve-compatibility.md
View File

@ -5,6 +5,7 @@ author: shortpatti
ms.author: pashort
ms.manager: dougkim
ms.prod: browser-edge
ms.topic: reference
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: appcompat

2
browsers/edge/group-policies/address-bar-settings-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/adobe-settings-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/books-library-management-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/browser-settings-management-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/developer-settings-gp.md
View File

@ -8,7 +8,7 @@ managre: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/extensions-management-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

2
browsers/edge/group-policies/favorites-management-gp.md
View File

@ -8,7 +8,7 @@ manager: dougkim
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.topic: article
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library

1
browsers/edge/group-policies/home-button-gp.md
View File

@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
ms.topic: reference
---
# Home button

1
browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
View File

@ -9,6 +9,7 @@ ms.date: 10/02/2018
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
ms.topic: reference
---
# Interoperability and enterprise mode guidance

1
browsers/edge/group-policies/new-tab-page-settings-gp.md
View File

@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
ms.topic: reference
---

3
browsers/edge/group-policies/prelaunch-preload-gp.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
ms.topic: reference
---
# Prelaunch Microsoft Edge and preload tabs in the background
@ -18,7 +19,7 @@ Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows
## Relevant group policies
- [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
- [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:

1
browsers/edge/group-policies/search-engine-customization-gp.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
ms.topic: reference
---
# Search engine customization

5
browsers/edge/group-policies/security-privacy-management-gp.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
ms.topic: reference
---
# Security and privacy
@ -57,12 +58,12 @@ Microsoft Edge addresses these threats to help make browsing the web a safer exp
| Feature | Description |
|---|---|
| **[Windows Hello](http://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](http://w3c.github.io/webauthn/). |
| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). |
| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. |
| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include<ul><li>Certificate Reputation system: Protects users from fraudulent certificates.</li><li>Bing Webmaster Tools (for developers): Reports fake certificates directly to Microsoft.</li></ul> |
| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:<ul><li>Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.</li><li> Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). HSTS helps ensure that connections to important sites, such as to your bank, are always secured.</li></ul><p>**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. |
| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) cant load. |
| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ dont provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the programs memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, weve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](http://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ dont provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the programs memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, weve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. |
| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. |
| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesnt support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. |

1
browsers/edge/group-policies/start-pages-gp.md
View File

@ -9,6 +9,7 @@ ms.date: 10/02/2018
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
ms.topic: reference
---
# Start pages

1
browsers/edge/group-policies/sync-browser-settings-gp.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
ms.topic: reference
---
# Sync browser settings

1
browsers/edge/group-policies/telemetry-management-gp.md
View File

@ -6,6 +6,7 @@ ms.author: pashort
author: shortpatti
ms.date: 10/02/2018
ms.localizationpriority: medium
ms.topic: reference
---
# Telemetry and data collection

7
browsers/edge/includes/allow-web-content-new-tab-page-include.md
View File

@ -1,7 +1,7 @@
---
author: shortpatti
ms.author: pashort
ms.date: 10/26/2018
ms.date: 11/02/2018
ms.prod: edge
ms:topic: include
---
@ -18,9 +18,8 @@ ms:topic: include
|Group Policy |MDM |Registry |Description |
|---|:---:|:---:|---|
|Not configured |Blank |Blank |Users can choose what loads on the New Tab page. |
|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from changing it. |
|Enabled **(default)** |1 |1 |Load the default New Tab page. |
|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from making changes. |
|Enabled or not configured **(default)** |1 |1 |Load the default New Tab page and the users make changes. |
---
### ADMX info and settings

2
browsers/edge/includes/provision-favorites-include.md
View File

@ -21,7 +21,7 @@ ms:topic: include
|Group Policy |Description |Most restricted |
|---|---|:---:|
|Disabled or not configured<br>**(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=http://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) |
|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=https://localhost:8080/URLs.html</li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> |![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings

2
browsers/edge/index.yml
View File

@ -125,7 +125,7 @@ sections:
html: <p><a class="barLink" href="https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge#minimum-system-requirements">Minimum system requirements</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge#supported-languages">Supported languages</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/microsoft-edge/deploy/change-history-for-microsoft-edge">Document change history</a></p>
<p><a class="barLink" href="https://www.microsoft.com/en-us/WindowsForBusiness/Compare">Compare Windows 10 Editions</a></p>

11
browsers/edge/microsoft-edge-faq.md
View File

@ -4,10 +4,11 @@ description: Answers to frequently asked questions about Microsoft Edge features
author: shortpatti
ms.author: pashort
ms.prod: edge
ms.topic: reference
ms.mktglfcycl: general
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 10/23/2018
ms.date: 11/05/2018
---
# Frequently Asked Questions (FAQs) for IT Pros
@ -32,7 +33,7 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: Does Microsoft Edge work with Enterprise Mode?**
**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps. For guidance and additional resources, please visit the [Microsoft Edge IT Center](https://technet.microsoft.com/microsoft-edge).
**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
**Q: I have Windows 10, but I dont seem to have Microsoft Edge. Why?**
@ -41,7 +42,7 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: How do I get the latest Canary/Beta/Preview version of Microsoft Edge?**
**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
**Q: How do I customize Microsoft Edge and related settings for my organization?**
@ -49,7 +50,9 @@ For more information on how Internet Explorer and Microsoft Edge can work togeth
**Q: Is Adobe Flash supported in Microsoft Edge?**
**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](available-policies.md#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
To learn more about Microsofts plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).

3
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -1,11 +1,12 @@
---
title: Deploy Microsoft Edge kiosk mode
description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
ms.assetid:
author: shortpatti
ms.author: pashort
ms.prod: edge
ms.sitesec: library
title: Deploy Microsoft Edge kiosk mode
ms.topic: get-started-article
ms.localizationpriority: medium
ms.date: 10/29/2018
---

4
browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
View File

@ -1,9 +1,9 @@
---
author: shortpatti
ms.author: pashort
ms.date: 10/02/2018
ms.date: 11/02/2018
ms.prod: edge
ms:topic: include
---
By default, Microsoft Edge loads the default New Tab page. Disabling this policy loads a blank page instead of the New Tab page and prevents users from changing it. Not configuring this policy lets users choose what loads on the New Tab page.
By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
View File

@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
2. Type the URL for the website thats experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.<p>
Administrators can only see comments while theyre in this tool.

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
2. Type the URL for the website thats experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.<p>
Administrators can only see comments while theyre in this tool.

2
browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
View File

@ -50,7 +50,7 @@ Employees assigned to the Requester role can create a change request. A change r
- **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
- **App location (URL).** The full URL location to the app, starting with http:// or https://.
- **App location (URL).** The full URL location to the app, starting with https:// or https://.
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.

8
browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
View File

@ -28,7 +28,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both https://contoso.com and https://contoso.com.
``` xml
<rules version="1">
@ -135,7 +135,7 @@ This table includes the elements used by the Enterprise Mode schema.
&lt;path exclude="true"&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
</table>
@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
&lt;path exclude="true"&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
@ -203,7 +203,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Dont use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.

10
browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
View File

@ -38,7 +38,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
The following is an example of the v.2 version of the Enterprise Mode schema.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both https://contoso.com and https://contoso.com.
 
``` xml
<site-list version="205">
@ -198,7 +198,7 @@ The &lt;url&gt; attribute, as part of the &lt;site&gt; element in the v.2 versio
&lt;site url="contoso.com/travel"&gt;
&lt;open-in allow-redirect="true"&gt;IE11&lt;/open-in&gt;
&lt;/site&gt;</pre>
In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
@ -210,14 +210,14 @@ In this example, if http://contoso.com/travel is encountered in a redirect chain
<td>url</td>
<td>Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<br><b>Note</b><br>
Make sure that you don't specify a protocol. Using &lt;site url="contoso.com"&gt; applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol. Using &lt;site url="contoso.com"&gt; applies to both https://contoso.com and https://contoso.com.
<p><b>Example</b>
<pre class="syntax">
&lt;site url="contoso.com:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;open-in&gt;IE11&lt;/open-in&gt;
&lt;/site&gt;</pre>
In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.</td>
In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
</table>
@ -286,7 +286,7 @@ Saving your v.1 version of the file using the new Enterprise Mode Site List Mana
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, http://, https://, or custom protocols. They break parsing.
- Dont use protocols. For example, https://, https://, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.

4
browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
View File

@ -111,7 +111,7 @@ The required packages are automatically downloaded and included in the solution.
1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
``` "Enable"="http://<deploy_URL>/api/records/"
``` "Enable"="https://<deploy_URL>/api/records/"
```
Where `<deploy_URL>` points to your deployment URL.
@ -125,7 +125,7 @@ The required packages are automatically downloaded and included in the solution.
**To view the report results**
- Go to `http://<deploy_URL>/List` to see the report results.<p>
- Go to `https://<deploy_URL>/List` to see the report results.<p>
If youre already on the webpage, youll need to refresh the page to see the results.
![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png)

4
browsers/enterprise-mode/set-up-enterprise-mode-portal.md
View File

@ -176,7 +176,7 @@ Using the IIS Manager, you must restart both your Application Pool and your webs
After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
**To register as an administrator**
1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
2. Click **Register now**.
@ -184,7 +184,7 @@ After you've created your database and website, you'll need to register yourself
4. Click **Administrator** from the **Role** box, and then click **Save**.
5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.

2
browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
View File

@ -33,7 +33,7 @@ All of your managed devices must have access to this location if you want them t
- **Local file:** `"SiteList"="file:///c:\\Users\\<user>\\Documents\\testList.xml"`
> **Example:**
>> _Web URL_ http://localhost:8080/EnterpriseMode.xml
>> _Web URL_ https://localhost:8080/EnterpriseMode.xml
>>
>> _Network Share_ \\NetworkShare.xml (Place this inside the group policy folder on Sysvol)
>>

6
browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
View File

@ -46,9 +46,9 @@ Besides turning on this feature, you also have the option to provide a URL for E
Your **Value data** location can be any of the following types:
- **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.<p>**Important**<br>
The `http://www.emieposturl.com/api/records` example will only work if youve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you dont have the sample, you wont have the web API.
- **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.<p>**Important**<br>
The `https://www.emieposturl.com/api/records` example will only work if youve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you dont have the sample, you wont have the web API.
- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you wont collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).

2
browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
View File

@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
2. Type the URL for the website thats experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.<p>
Administrators can only see comments while theyre in this tool.

2
browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -33,7 +33,7 @@ You can add individual sites to your compatibility list by using the Enterprise
1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
2. Type the URL for the website thats experiencing compatibility problems, like *&lt;domain&gt;.com* or *&lt;domain&gt;.com*/*&lt;path&gt;* into the **URL** box.<p>
Don't include the `http://` or `https://` designation. The tool automatically tries both versions during validation.
Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
3. Type any comments about the website into the **Notes about URL** box.<p>
Administrators can only see comments while theyre in this tool.

2
browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
View File

@ -52,7 +52,7 @@ After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your
- **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
- **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.<p> **Important**<br>Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`.
- **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.<p> **Important**<br>Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).

2
browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
View File

@ -40,7 +40,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.<p>**No
3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.<p>**-OR-**<p>Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.<p>**Note**<br>For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651). 
4. After the database file propagates to the server, the DNS name, `wpad.<domain>.com` resolves to the server name that includes your automatic configuration file.<p>**Note**<br>Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad.<domain>.com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
4. After the database file propagates to the server, the DNS name, `wpad.<domain>.com` resolves to the server name that includes your automatic configuration file.<p>**Note**<br>Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad.<domain>.com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
 

2
browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
View File

@ -30,7 +30,7 @@ You can use your Internet settings (.ins) files to set up your standard proxy se
- **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
- **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.<p>**Important**<br>IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`.
- **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.<p>**Important**<br>IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
## Locking your auto-proxy settings
You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.

2
browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
View File

@ -50,7 +50,7 @@ Employees assigned to the Requester role can create a change request. A change r
- **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
- **App location (URL).** The full URL location to the app, starting with http:// or https://.
- **App location (URL).** The full URL location to the app, starting with https:// or https://.
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.

2
browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
View File

@ -41,7 +41,7 @@ Deploying pinned websites in MDT 2013 is a 4-step process:
Pinned websites are immediately available to every user who logs on to the computer although the user must click each icon to populate its Jump List.
**Important**<br>
To follow the examples in this topic, youll need to pin the Bing (http://www.bing.com/) and MSN (http://www.msn.com/) websites to the taskbar.
To follow the examples in this topic, youll need to pin the Bing (https://www.bing.com/) and MSN (https://www.msn.com/) websites to the taskbar.
### Step 1: Creating .website files
The first step is to create a .website file for each website that you want to pin to the Windows 8.1 taskbar during deployment. A .website file is like a shortcut, except its a plain text file that describes not only the websites URL but also how the icon looks.

8
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
View File

@ -28,7 +28,7 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both https://contoso.com and https://contoso.com.
``` xml
<rules version="1">
@ -135,7 +135,7 @@ This table includes the elements used by the Enterprise Mode schema.
&lt;path exclude="false"&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where http://fabrikam.com doesn't use IE8 Enterprise Mode, but http://fabrikam.com/products does.</td>
Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
</table>
@ -167,7 +167,7 @@ This table includes the attributes used by the Enterprise Mode schema.
&lt;path exclude="true"&gt;/products&lt;/path&gt;
&lt;/domain&gt;
&lt;/emie&gt;</pre><p>
Where http://fabrikam.com uses IE8 Enterprise Mode, but http://fabrikam.com/products does not.</td>
Where https://fabrikam.com uses IE8 Enterprise Mode, but https://fabrikam.com/products does not.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
@ -203,7 +203,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Dont use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.

10
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
View File

@ -38,7 +38,7 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
The following is an example of the v.2 version of the Enterprise Mode schema.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both https://contoso.com and https://contoso.com.
 
``` xml
<site-list version="205">
@ -198,7 +198,7 @@ The &lt;url&gt; attribute, as part of the &lt;site&gt; element in the v.2 versio
&lt;site url="contoso.com/travel"&gt;
&lt;open-in allow-redirect="true"&gt;IE11&lt;/open-in&gt;
&lt;/site&gt;</pre>
In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
@ -210,14 +210,14 @@ In this example, if http://contoso.com/travel is encountered in a redirect chain
<td>url</td>
<td>Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<br><b>Note</b><br>
Make sure that you don't specify a protocol. Using &lt;site url="contoso.com"&gt; applies to both http://contoso.com and https://contoso.com.
Make sure that you don't specify a protocol. Using &lt;site url="contoso.com"&gt; applies to both https://contoso.com and https://contoso.com.
<p><b>Example</b>
<pre class="syntax">
&lt;site url="contoso.com:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;open-in&gt;IE11&lt;/open-in&gt;
&lt;/site&gt;</pre>
In this example, going to http://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.</td>
In this example, going to https://contoso.com:8080 using Microsoft Edge, causes the site to open in IE11 and load in IE8 Enterprise Mode.</td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
</table>
@ -286,7 +286,7 @@ Saving your v.1 version of the file using the new Enterprise Mode Site List Mana
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, http://, https://, or custom protocols. They break parsing.
- Dont use protocols. For example, https://, https://, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.

2
browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
View File

@ -16,7 +16,7 @@ Windows Server Update Services (WSUS) lets you download a single copy of the Mic
**To import from Windows Update to WSUS**
1. Open your WSUS admin site. For example, `http://<wsus_server-name>/WSUSAdmin/`.<P>
1. Open your WSUS admin site. For example, `https://<wsus_server-name>/WSUSAdmin/`.<P>
Where `<wsus_server_name>` is the name of your WSUS server.
2. Choose the top server node or the **Updates** node, and then click **Import Updates**.

4
browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
View File

@ -21,7 +21,7 @@ IE11 works differently with search, based on whether your organization is domain
- **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider.
To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `http://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
**To enable single-word intranet search**
@ -29,7 +29,7 @@ To explicitly go to an intranet site, regardless of the environment, users can t
2. Click **Advanced**, check the **Go to an intranet site for a single word entry in the Address bar** box, and then click **OK**.
If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `http://contoso`.
If you'd like your entire organization to have single word entries default to an intranet site, you can turn on the **Go to an intranet site for a single word entry in the Address bar** Group Policy. With this policy turned on, a search for `contoso` automatically resolves to `https://contoso`.
 

6
browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
View File

@ -115,7 +115,7 @@ Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone an
|--------|--------------|-------------|----------|
|Turn on ActiveX control logging in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE saves log information for ActiveX controls.<p>If you enable this setting, IE logs ActiveX control information (including the source URI that loaded the control and whether it was blocked) to a local file.<p>If you disable or don't configure this setting, IE won't log ActiveX control information.<p>Note that you can turn this setting on or off regardless of the **Turn off blocking of outdated ActiveX controls for IE** or **Turn off blocking of outdated ActiveX controls for IE on specific domains** settings. |
|Remove the **Run this time** button for outdated ActiveX controls in IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management`|Internet Explorer 8 through IE11 |This setting allows you stop users from seeing the **Run this time** button and from running specific outdated ActiveX controls in IE.<p>If you enable this setting, users won't see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control.<p>If you disable or don't configure this setting, users will see the **Run this time** button on the warning message that appears when IE blocks an outdated ActiveX control. Clicking this button lets the user run the outdated ActiveX control once. |
|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.<p>If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:<ul><li>**"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".</li><li>**"hostname".** For example, if you want to include `http://example`, use "example".</li><li>**"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.</li></ul><p>If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
|Turn off blocking of outdated ActiveX controls for IE on specific domains |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting allows you to manage a list of domains on which IE will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.<p>If you enable this setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in IE. Each domain entry must be formatted like one of the following:<ul><li>**"domainname.TLD".** For example, if you want to include `*.contoso.com/*`, use "contoso.com".</li><li>**"hostname".** For example, if you want to include `https://example`, use "example".</li><li>**"file:///path/filename.htm"**. For example, use `file:///C:/Users/contoso/Desktop/index.htm`.</li></ul><p>If you disable or don't configure this setting, the list is deleted and IE continues to block specific outdated ActiveX controls on all domains in the Internet Zone. |
|Turn off blocking of outdated ActiveX controls for IE |`Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management` |Internet Explorer 8 through IE11 |This setting determines whether IE blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.<p>If you enable this setting, IE stops blocking outdated ActiveX controls.<p>If you disable or don't configure this setting, IE continues to block specific outdated ActiveX controls. |
|Remove the **Update** button in the out-of-date ActiveX control blocking notification for IE |This functionality is only available through the registry |Internet Explorer 8 through IE11 |This setting determines whether the out-of-date ActiveX control blocking notification shows the **Update** button. This button points users to update specific out-of-date ActiveX controls in IE. |
@ -145,8 +145,8 @@ Heres a detailed example and description of whats included in the VersionA
|Source URI |File path |Product version |File version |Allowed/Blocked |Reason |EPM-compatible |
|-----------|----------|----------------|-------------|----------------|-------|---------------|
|`http://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
|`http://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
|`https://contoso.com/test1.html` |C:\Windows\System32\Macromed\Flash\Flash.ocx |14.0.0.125 |14.0.0.125 |Allowed |Not in blocklist |EPM-compatible |
|`https://contoso.com/test2.html` |C:\Program Files\Java\jre6\bin\jp2iexp.dll |6.0.410.2 |6.0.410.2 |Blocked |Out of date |Not EPM-compatible |
**Where:**
- **Source URI.** The URL of the page that loaded the ActiveX control.

4
browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
View File

@ -111,7 +111,7 @@ The required packages are automatically downloaded and included in the solution.
1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
``` "Enable"="http://<deploy_URL>/api/records/"
``` "Enable"="https://<deploy_URL>/api/records/"
```
Where `<deploy_URL>` points to your deployment URL.
@ -125,7 +125,7 @@ The required packages are automatically downloaded and included in the solution.
**To view the report results**
- Go to `http://<deploy_URL>/List` to see the report results.<p>
- Go to `https://<deploy_URL>/List` to see the report results.<p>
If youre already on the webpage, youll need to refresh the page to see the results.
![Enterprise Mode Result report with details](images/ie-emie-reportwdetails.png)

4
browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
View File

@ -176,7 +176,7 @@ Using the IIS Manager, you must restart both your Application Pool and your webs
After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
**To register as an administrator**
1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
1. Open Microsoft Edge and type your website URL into the Address bar. For example, https://emieportal:8085.
2. Click **Register now**.
@ -184,7 +184,7 @@ After you've created your database and website, you'll need to register yourself
4. Click **Administrator** from the **Role** box, and then click **Save**.
5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, https://emieportal:8085/#/EMIEAdminConsole.
A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.

6
browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
View File

@ -46,9 +46,9 @@ Besides turning on this feature, you also have the option to provide a URL for E
Your **Value data** location can be any of the following types:
- **URL location (like, http://www.emieposturl.com/api/records or http://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.<p>**Important**<br>
The `http://www.emieposturl.com/api/records` example will only work if youve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you dont have the sample, you wont have the web API.
- **Local network location (like, http://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.<p>**Important**<br>
The `https://www.emieposturl.com/api/records` example will only work if youve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you dont have the sample, you wont have the web API.
- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you wont collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).

2
browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
View File

@ -42,7 +42,7 @@ You can use the Domain Name System (DNS) and the Dynamic Host Configuration Prot
- Type the location to your automatic proxy script file.
**Note**<br>
If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `http://share/test.ins`.
If you specify URLs for both auto-config and auto-proxy, the auto-proxy URL will be incorporated into the .ins file. The correct form for the URL is `https://share/test.ins`.
3. Click **Next** to go to the [Proxy Settings](proxy-settings-ieak11-wizard.md) page or **Back** to go to the [Connection Settings](connection-settings-ieak11-wizard.md) page.

8
browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
View File

@ -36,9 +36,9 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide
- Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
**Examples:**<br>
`http://www.microsoft.com/webproxy.pac`<br>
`http://marketing/config.ins`<br>
`http://123.4.567.8/account.pac`<p>
`https://www.microsoft.com/webproxy.pac`<br>
`https://marketing/config.ins`<br>
`https://123.4.567.8/account.pac`<p>
For more detailed info about how to set up your DHCP server, see your server documentation.
**To set up automatic detection for DNS servers**
@ -55,5 +55,5 @@ Create a canonical name (CNAME) alias record, named **WPAD**. This record lets y
2. After the database file propagates to the server, the DNS name, `wpad.<domain>.com` resolves to the server name that includes your automatic configuration file.
**Note**<br>
IE11 creates a default URL template based on the host name,**wpad**. For example, `http://wpad.<domain>.com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad.<domain>.com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.

2
browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
View File

@ -16,5 +16,5 @@ Provide the URL to your branding cabinet (.cab) file.
|Name |Value | Description |
|-----------|--------------------------------|--------------------------------------------------------------|
|Branding |`<cab_file_url>` |The location of your branding cabinet (.cab) file. For example, http://www.&lt;your_server&gt;.net/cabs/branding.cab.|
|Branding |`<cab_file_url>` |The location of your branding cabinet (.cab) file. For example, https://www.&lt;your_server&gt;.net/cabs/branding.cab.|

12
browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
View File

@ -21,7 +21,7 @@ You can customize Automatic Search so that your employees can type a single word
**To set up Automatic Search**
1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: http://ieautosearch/response.asp?MT=%1&srch=%2.<p>
1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.<p>
For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).<p>
**Important**<br>If you arent using IIS in your company, youll need to remap this URL to your script files location.
@ -72,18 +72,18 @@ searchOption = Request.QueryString("srch")
' about filling out an expense report
if (search = "NEW HIRE") then
Response.Redirect("http://admin/hr/newhireforms.htm")
Response.Redirect("https://admin/hr/newhireforms.htm")
elseif (search = "LIBRARY CATALOG") then
Response.Redirect("http://library/catalog")
Response.Redirect("https://library/catalog")
elseif (search = "EXPENSE REPORT") then
Response.Redirect("http://expense")
Response.Redirect("https://expense")
elseif (search = "LUNCH MENU") then
Response.Redirect("http://cafe/menu/")
Response.Redirect("https://cafe/menu/")
else
' If there is not a match, use the
' default IE autosearch server
Response.Redirect("http://auto.search.msn.com/response.asp?MT="
Response.Redirect("https://auto.search.msn.com/response.asp?MT="
+ search + "&srch=" + searchOption +
"&prov=&utf8")
end if

2
browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
View File

@ -17,7 +17,7 @@ The **Important URLS Home Page and Support** page of the Internet Explorer C
**To use the Important URLS Home Page and Support page**
1. In the **Add a homepage URL** box, type the URL to the page your employees go to when they click the **Home** button, and then click **Add**.<p>
If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you dont add a custom **Home** page, IE uses http://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
If you add multiple **Home** pages, each page appears on a separate tab in the browser. If you dont add a custom **Home** page, IE uses https://www.msn.com by default. If you want to delete an existing page, click the URL and then click **Remove**.
2. Check the **Retain previous Home Page (Upgrade)** box if you have employees with previous versions of IE, who need to keep their **Home** page settings when the browser is updated.

2
browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
View File

@ -127,7 +127,7 @@ In this example, the proxy server is selected by translating the host name into
``` javascript
function FindProxyForURL(url, host)
{
if (dnsResolve(host) == "999.99.99.999") { // = http://secproxy
if (dnsResolve(host) == "999.99.99.999") { // = https://secproxy
return "PROXY secproxy:8080";
}
else {

4
browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
View File

@ -21,7 +21,7 @@ Using a proxy server lets you limit access to the Internet. You can also use the
1. Check the **Enable proxy settings** box if you want to use proxy servers for any of your services.
2. Type the address of the proxy server you want to use for your services into the **Address of proxy** box. In most cases, a single proxy server is used for all of your services.<p>
Proxy locations that dont begin with a protocol (like, http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `http://proxy`.
Proxy locations that dont begin with a protocol (like, https:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, the entry *proxy* is treated the same as the entry `https://proxy`.
3. Type the port for each service. The default value is *80*.
@ -30,7 +30,7 @@ Proxy locations that dont begin with a protocol (like, http:// or ftp://) are
5. Type any services that shouldnt use a proxy server into the **Do not use proxy server for addresses beginning with** box.<p>
When filling out your exceptions, keep in mind:
- Proxy bypass entries can begin with a protocol type, such as http://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
- Proxy bypass entries can begin with a protocol type, such as https://, https://, or ftp://. However, if a protocol type is used, the exception entry applies only to requests for that protocol.
- Protocol values are not case sensitive and you can use a wildcard character (*) in place of zero or more characters.

2
browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
View File

@ -25,7 +25,7 @@ The **Search Provider** box appears.
3. In the **Display Name** box, type the text that appears in the **Search Options** menu for the search provider.
4. In the **URL** box, type the full URL to the search provider, including the http:// prefix.
4. In the **URL** box, type the full URL to the search provider, including the https:// prefix.
5. In the **Favicon URL** box, type the full URL to any icon to associate with your provider.

2
browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
View File

@ -57,7 +57,7 @@ Internet Explorer Setup can switch servers during the installation process to ma
To address connection issues (for example, as a result of server problems) where Setup cant locate another download site by default, we recommend you overwrite your first download server using this workaround:
``` syntax
<path>\ie11setup.exe /C:"ie11wzd.exe /S:""<path>\ie11setup.exe"" /L:""http://your_Web_server/your_Web_site/ie11sites.dat"""
<path>\ie11setup.exe /C:"ie11wzd.exe /S:""<path>\ie11setup.exe"" /L:""https://your_Web_server/your_Web_site/ie11sites.dat"""
```
Where `<path>` represents the folder location where you stored IE11setup.exe.

1
devices/hololens/TOC.md
View File

@ -11,4 +11,5 @@
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
## [Install apps on HoloLens](hololens-install-apps.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
## [How HoloLens stores data for spaces](hololens-spaces.md)
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

10
devices/hololens/change-history-hololens.md
View File

@ -9,13 +9,20 @@ author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/23/2018
ms.date: 11/05/2018
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
## November 2018
New or changed topic | Description
--- | ---
[How HoloLens stores data for spaces](hololens-spaces.md) | New
## October 2018
New or changed topic | Description
@ -25,6 +32,7 @@ New or changed topic | Description
[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/)
[Insider preview for Microsoft HoloLens](hololens-insider.md) | Added instructions for opting out of Insider builds.
## July 2018
New or changed topic | Description

3
devices/hololens/hololens-kiosk.md
View File

@ -145,7 +145,8 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
8. On the **File** menu, select **Save.**
9. On the **Export** menu, select **Provisioning package**.
10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**

69
devices/hololens/hololens-spaces.md Normal file
View File

@ -0,0 +1,69 @@
---
title: How HoloLens stores data for spaces (HoloLens)
description:
ms.prod: hololens
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/05/2018
---
# How HoloLens stores data for spaces
In the Windows 10, version 1803 update for Microsoft HoloLens, the mapping data for [spaces](https://support.microsoft.com/help/13760/hololens-spaces-on-hololens) is stored in a local database.
The map database is not exposed to a user of the device, even when plugged into a PC or when using the File Explorer app. When BitLocker is enabled, the stored map data is also encrypted with the entire volume.
Holograms that are anchored within the same map section are considered to be “nearby” in the current space.
## Frequently asked questions
**How can I remove map data and known spaces from the HoloLens?**
There are two options for deleting map data in **Settings > System > Holograms**:
- Select **Remove nearby holograms** to delete nearby holograms, clearing the map data and anchored holograms for the current space. A brand new map section would be created and stored in the database for that location while the device is used there. This option can be used to clear the map data for work without affecting any map data from home, for example.
- Select **Remove all holograms** to delete all holograms, clearing all locally stored map data and anchored holograms. No holograms will be rediscovered and any holograms need to be newly placed.
>[!NOTE]
>When you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space.
**How does Wi-Fi data get used by HoloLens and where is the data stored?**
As long as Wi-Fi is enabled, map data will be correlated with nearby Wi-Fi access points. There is no difference in behavior if a network is connected or just nearby. Network characteristics are not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
Wi-Fi characteristics are stored locally to help correlate hologram locations and map sections stored within HoloLens database of known spaces. Its inaccessible to users, and not sent to Microsoft via the cloud or via telemetry.
**Does HoloLens need to be connected to the internet?**
No, internet connectivity is not required. Observed Wi-Fi access points are obtained without being connected or authenticated. It does not change functionality if the access points are internet connected or intranet/local only.
**Since HoloLens no longer requires you to select a space when Wi-Fi is disabled, how does it find the space automatically?**
If Wi-Fi is disabled, the space search can still happen; HoloLens will need to search more of the map data within the spaces database, and finding holograms can take longer.
HoloLens will sense and remember spaces even when Wi-Fi is disabled, by securely storing the sensor data when holograms are placed. Without the Wi-Fi info, the space and holograms may be slower to recognize at a later time, as the HoloLens needs to compare active scans to all hologram anchors and map sections stored on the device in order to locate the correct portion of the map.
HoloLens will visually compare the current scanning data from the sensors to locally stored map sections in the entire spaces database. It will locate holograms faster if the Wi-Fi characteristics can be found, to narrow down the number of spaces to compare.
## Related topics
- [Environment considerations for HoloLens](https://docs.microsoft.com/windows/mixed-reality/environment-considerations-for-hololens)
- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design)
- [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq)

406
mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md
View File

@ -1,13 +1,14 @@
---
title: How to Deploy the App-V Client
description: How to Deploy the App-V Client
ms.author: pashort
author: jamiejdt
ms.assetid: 9c4e67ae-ddaf-4e23-8c16-72d029a74a27
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 11/01/2016
ms.date: 11/05/2018
---
@ -18,341 +19,137 @@ Use the following procedure to install the Microsoft Application Virtualization
<a href="" id="bkmk-clt-install-prereqs"></a>**What to do before you start**
1. Review and install the software prerequisites:
1. Review and install the software prerequisites:
Install the prerequisite software that corresponds to the version of App-V that you are installing:
Install the prerequisite software that corresponds to the version of App-V that you are installing:
- [About App-V 5.0 SP3](about-app-v-50-sp3.md)
- [About App-V 5.0 SP3](about-app-v-50-sp3.md)
- App-V 5.0 SP1 and App-V 5.0 SP2 no new prerequisites in these versions
- App-V 5.0 SP1 and App-V 5.0 SP2 no new prerequisites in these versions
- [App-V 5.0 Prerequisites](app-v-50-prerequisites.md)
- [App-V 5.0 Prerequisites](app-v-50-prerequisites.md)
2. Review the client coexistence and unsupported scenarios, as applicable to your installation:
2. Review the client coexistence and unsupported scenarios, as applicable to your installation:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p>Deploying coexisting App-V clients</p></td>
<td align="left"><p>[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md)</p></td>
</tr>
<tr class="even">
<td align="left"><p>Unsupported or limited installation scenarios</p></td>
<td align="left"><p>See the client section in [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md)</p></td>
</tr>
</tbody>
</table>
| | |
|---|---|
|Deploying coexisting App-V clients |[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) |
|Unsupported or limited installation scenarios |[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) |
---
 
3. Review the locations for client registry, log, and troubleshooting information:
 
3. Review the locations for client registry, log, and troubleshooting information:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p>Client registry information</p></td>
<td align="left"><ul>
<li><p>By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:</p>
<p><strong>HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT</strong></p></li>
<li><p>When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:</p>
<p><strong>C: \ ProgramData \ App-V</strong></p>
<p>However, you can reconfigure this location with the following registry key:</p>
<p><strong>HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT \ STREAMING \ PACKAGEINSTALLATIONROOT</strong></p></li>
</ul></td>
</tr>
<tr class="even">
<td align="left"><p>Client log files</p></td>
<td align="left"><ul>
<li><p>For log file information that is associated with the App-V 5.0 Client, search in the following log:</p>
<p><strong>Event logs / Applications and Services Logs / Microsoft / AppV</strong></p></li>
<li><p>In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:</p>
<p><strong>Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog</strong></p>
<p>For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).</p></li>
<li><p>Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:</p>
<p><strong>C:\ProgramData\App-V\&lt;package id&gt;\&lt;version id&gt;</strong></p></li>
</ul></td>
</tr>
<tr class="odd">
<td align="left"><p>Client installation troubleshooting information</p></td>
<td align="left"><p>See the error log in the <strong>%temp%</strong> folder. To review the log files, click <strong>Start</strong>, type <strong>%temp%</strong>, and then look for the <strong>appv_ log</strong>.</p></td>
</tr>
</tbody>
</table>
 
| | |
|---|---|
|Client registry information |<ul><li>By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:<p><p><code>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT</code></li><li>When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:<p><p><code>C:\ProgramData\App-V</code><p><p>However, you can reconfigure this location with the following registry key:<p><p><code>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT</code></li></ul> |
|Client log files |<ul><li>For log file information that is associated with the App-V 5.0 Client, search in the following log:<p><p><code>Event logs/Applications and Services Logs/Microsoft/AppV</code></li><li>In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:<p><p><code>Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog</code><p><p>For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).</li><li>Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:<p><p><code>C:\ProgramData\App-V\<_package id_>\<_version id_></code></li></ul> |
|Client installation troubleshooting information |See the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. |
---
**To install the App-V 5.0 Client**
1. Copy the App-V 5.0 client installation file to the computer on which it will be installed. Choose from the following client types:
1. Copy the App-V 5.0 client installation file to the computer on which it will be installed.<p><p>Choose from the following client types:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Client type</th>
<th align="left">File to use</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Standard version of the client</p></td>
<td align="left"><p><strong>appv_client_setup.exe</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>Remote Desktop Services version of the client</p></td>
<td align="left"><p><strong>appv_client_setup_rds.exe</strong></p></td>
</tr>
</tbody>
</table>
|Client type |File to use |
|---|---|
|Standard version of the client |**appv_client_setup.exe** |
|Remote Desktop Services version of the client |**appv_client_setup_rds.exe** |
---
 
2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md).
2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md).
3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**.
3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**.
4. On the **Setup completed successfully** page, click **Close**.
4. On the **Setup completed successfully** page, click **Close**.
The installation creates the following entries for the App-V client in **Programs**:
The installation creates the following entries for the App-V client in **Programs**:
- **.exe**
- **.exe**
- **.msi**
- **.msi**
- **language pack**
>[!NOTE]
>After the installation, only the .exe file can be uninstalled.
- **language pack**
**Note**  
After the installation, only the .exe file can be uninstalled.
 
**To install the App-V 5.0 client using a script**
1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing.
1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing.
2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**.
2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**.
**Note**  
The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter.
>[!NOTE]
>The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter.
 
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p>/INSTALLDIR</p></td>
<td align="left"><p>Specifies the installation directory. Example usage: <strong>/INSTALLDIR=C:\Program Files\AppV Client</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/CEIPOPTIN</p></td>
<td align="left"><p>Enables participation in the Customer Experience Improvement Program. Example usage: <strong>/CEIPOPTIN=[0|1]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/MUOPTIN</p></td>
<td align="left"><p>Enables Microsoft Update. Example usage: <strong>/MUOPTIN=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/PACKAGEINSTALLATIONROOT</p></td>
<td align="left"><p>Specifies the directory in which to install all new applications and updates. Example usage: <strong>/PACKAGEINSTALLATIONROOT='C:\App-V Packages'</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/PACKAGESOURCEROOT</p></td>
<td align="left"><p>Overrides the source location for downloading package content. Example usage: <strong>/PACKAGESOURCEROOT='http://packageStore'</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/AUTOLOAD</p></td>
<td align="left"><p>Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].<strong>Example usage: /AUTOLOAD=[0|1|2]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/SHAREDCONTENTSTOREMODE</p></td>
<td align="left"><p>Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: <strong>/SHAREDCONTENTSTOREMODE=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/MIGRATIONMODE</p></td>
<td align="left"><p>Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: <strong>/MIGRATIONMODE=[0|1]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/ENABLEPACKAGESCRIPTS</p></td>
<td align="left"><p>Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: <strong>/ENABLEPACKAGESCRIPTS=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/ROAMINGREGISTRYEXCLUSIONS</p></td>
<td align="left"><p>Specifies the registry paths that will not roam with a user profile. Example usage: <strong>/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/ROAMINGFILEEXCLUSIONS</p></td>
<td align="left"><p>Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: <strong>/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/S[1-5]PUBLISHINGSERVERNAME</p></td>
<td align="left"><p>Displays the name of the publishing server. Example usage: <strong>/S2PUBLISHINGSERVERNAME=MyPublishingServer</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/S[1-5]PUBLISHINGSERVERURL</p></td>
<td align="left"><p>Displays the URL of the publishing server. Example usage: <strong>/S2PUBLISHINGSERVERURL=\\pubserver</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/S[1-5]GLOBALREFRESHENABLED -</p></td>
<td align="left"><p>Enables a global publishing refresh. Example usage: <strong>/S2GLOBALREFRESHENABLED=[0|1]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/S[1-5]GLOBALREFRESHONLOGON</p></td>
<td align="left"><p>Initiates a global publishing refresh when a user logs on. Example usage: <strong>/S2LOGONREFRESH=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/S[1-5]GLOBALREFRESHINTERVAL -</p></td>
<td align="left"><p>Specifies the publishing refresh interval, where <strong>0</strong> indicates do not periodically refresh. Example usage: <strong>/S2PERIODICREFRESHINTERVAL=[0-744]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/S[1-5]GLOBALREFRESHINTERVALUNIT</p></td>
<td align="left"><p>Specifies the interval unit (Hours[0], Days[1]). Example usage: <strong>/S2GLOBALREFRESHINTERVALUNIT=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/S[1-5]USERREFRESHENABLED</p></td>
<td align="left"><p>Enables user publishing refresh. Example usage: <strong>/S2USERREFRESHENABLED=[0|1]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/S[1-5]USERREFRESHONLOGON</p></td>
<td align="left"><p>Initiates a user publishing refresh when a user logs on. Example usage: <strong>/S2LOGONREFRESH=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/S[1-5]USERREFRESHINTERVAL -</p></td>
<td align="left"><p>Specifies the publishing refresh interval, where <strong>0</strong> indicates do not periodically refresh. Example usage: <strong>/S2PERIODICREFRESHINTERVAL=[0-744]</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/S[1-5]USERREFRESHINTERVALUNIT</p></td>
<td align="left"><p>Specifies the interval unit (Hours[0], Days[1]). Example usage: <strong>/S2USERREFRESHINTERVALUNIT=[0|1]</strong></p></td>
</tr>
<tr class="even">
<td align="left"><p>/Log</p></td>
<td align="left"><p>Specifies a location where the log information is saved. The default location is %Temp%. Example usage: <strong>/log C:\logs\log.log</strong></p></td>
</tr>
<tr class="odd">
<td align="left"><p>/q</p></td>
<td align="left"><p>Specifies an unattended installation.</p></td>
</tr>
<tr class="even">
<td align="left"><p>/REPAIR</p></td>
<td align="left"><p>Repairs a previous client installation.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>/NORESTART</p></td>
<td align="left"><p>Prevents the computer from rebooting after the client installation.</p>
<p>The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V.</p></td>
</tr>
<tr class="even">
<td align="left"><p>/UNINSTALL</p></td>
<td align="left"><p>Uninstalls the client.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>/ACCEPTEULA</p></td>
<td align="left"><p>Accepts the license agreement. This is required for an unattended installation. Example usage: <strong>/ACCEPTEULA</strong> or <strong>/ACCEPTEULA=1</strong>.</p></td>
</tr>
<tr class="even">
<td align="left"><p>/LAYOUT</p></td>
<td align="left"><p>Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>/LAYOUTDIR</p></td>
<td align="left"><p>Specifies the layout directory. Requires a string value. Example usage: <strong>/LAYOUTDIR=”C:\Application Virtualization Client”</strong>.</p></td>
</tr>
<tr class="even">
<td align="left"><p>/?, /h, /help</p></td>
<td align="left"><p>Requests help about the previous installation parameters.</p></td>
</tr>
</tbody>
</table>
 
| | |
|---|---|
|/INSTALLDIR |Specifies the installation directory. Example usage:<p><p>**/INSTALLDIR=C:\Program Files\AppV Client** |
|/CEIPOPTIN |Enables participation in the Customer Experience Improvement Program. Example usage:<p><p>**/CEIPOPTIN=[0\|1\]** |
|/MUOPTIN |Enables Microsoft Update. Example usage:<p><p>**/MUOPTIN=[0\|1\]** |
|/PACKAGEINSTALLATIONROOT |Specifies the directory in which to install all new applications and updates. Example usage: <p><p>**/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** |
|/PACKAGESOURCEROOT |Overrides the source location for downloading package content. Example usage:<p><p>**/PACKAGESOURCEROOT='http://packageStore'** |
|/AUTOLOAD |Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:<p><p>**/AUTOLOAD=[0\|1\|2\]** |
|/SHAREDCONTENTSTOREMODE |Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: <p><p>**/SHAREDCONTENTSTOREMODE=[0\|1\]** |
|/MIGRATIONMODE |Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:<p><p>**/MIGRATIONMODE=[0\|1\]** |
|/ENABLEPACKAGESCRIPTS |Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:<p><p>**/ENABLEPACKAGESCRIPTS=[0\|1\]** |
|/ROAMINGREGISTRYEXCLUSIONS |Specifies the registry paths that will not roam with a user profile. Example usage:<p><p>**/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** |
|/ROAMINGFILEEXCLUSIONS |Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: <p><p>**/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** |
|/S[1-5]PUBLISHINGSERVERNAME |Displays the name of the publishing server. Example usage:<p><p>**/S2PUBLISHINGSERVERNAME=MyPublishingServer** |
|/S[1-5]PUBLISHINGSERVERURL |Displays the URL of the publishing server. Example usage:<p><p>**/S2PUBLISHINGSERVERURL=\\pubserver** |
|/S[1-5]GLOBALREFRESHENABLED|Enables a global publishing refresh. Example usage:<p><p>**/S2GLOBALREFRESHENABLED=[0\|1\]** |
|/S[1-5]GLOBALREFRESHONLOGON |Initiates a global publishing refresh when a user logs on. Example usage:<p><p>**/S2LOGONREFRESH=[0\|1\]** |
|/S[1-5]GLOBALREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** |
|/S[1-5]GLOBALREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:<p><p>**/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** |
|/S[1-5]USERREFRESHENABLED |Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** |
|/S[1-5]USERREFRESHONLOGON |Initiates a user publishing refresh when a user logs on. Example usage:<p><p>**/S2LOGONREFRESH=[0\|1\]** |
|/S[1-5]USERREFRESHINTERVAL |Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** |
|/S[1-5]USERREFRESHINTERVALUNIT |Specifies the interval unit (Hours[0], Days[1]). Example usage:<p><p>**/S2USERREFRESHINTERVALUNIT=[0\|1\]** |
|/Log |Specifies a location where the log information is saved. The default location is %Temp%. Example usage:<p><p>**/log C:\logs\log.log** |
|/q |Specifies an unattended installation. |
|/REPAIR |Repairs a previous client installation. |
|/NORESTART |Prevents the computer from rebooting after the client installation.<p><p>The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. |
|/UNINSTALL |Uninstalls the client. |
|/ACCEPTEULA |Accepts the license agreement. This is required for an unattended installation. Example usage:<p><p>**/ACCEPTEULA** or **/ACCEPTEULA=1** |
|/LAYOUT |Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. |
|/LAYOUTDIR |Specifies the layout directory. Requires a string value. Example usage:<p><p>**/LAYOUTDIR=”C:\Application Virtualization Client”** |
|/?, /h, /help |Requests help about the previous installation parameters. |
---
**To install the App-V 5.0 client by using the Windows Installer (.msi) file**
1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail.
1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail.
2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart.
2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart.
3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer.
3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Type of deployment</th>
<th align="left">Deploy this file</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Computer is running a 32-bit Microsoft Windows operating system</p></td>
<td align="left"><p>appv_client_MSI_x86.msi</p></td>
</tr>
<tr class="even">
<td align="left"><p>Computer is running a 64-bit Microsoft Windows operating system</p></td>
<td align="left"><p>appv_client_MSI_x64.msi</p></td>
</tr>
<tr class="odd">
<td align="left"><p>You are deploying the App-V 5.0 Remote Desktop Services client</p></td>
<td align="left"><p>appv_client_rds_MSI_x64.msi</p></td>
</tr>
</tbody>
</table>
|Type of deployment |Deploy this file |
|---|---|
|Computer is running a 32-bit Microsoft Windows operating system |appv_client_MSI_x86.msi |
|Computer is running a 64-bit Microsoft Windows operating system |appv_client_MSI_x64.msi |
|You are deploying the App-V 5.0 Remote Desktop Services client |appv_client_rds_MSI_x64.msi |
---
 
4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack.
 
**What to know before you start:**
4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack.
- The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client.
**What to know before you start:**
- If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer.
- The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client.
- To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**.
- If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer.
- To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Type of deployment</th>
<th align="left">Deploy this file</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Computer is running a 32-bit Microsoft Windows operating system</p></td>
<td align="left"><p>appv_client_LP_xxxx_ x86.msi</p></td>
</tr>
<tr class="even">
<td align="left"><p>Computer is running a 64-bit Microsoft Windows operating system</p></td>
<td align="left"><p>appv_client_LP_xxxx_ x64.msi</p></td>
</tr>
</tbody>
</table>
 
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|Type of deployment |Deploy this file |
|---|---|
|Computer is running a 32-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x86.msi |
|Computer is running a 64-bit Microsoft Windows operating system |appv_client_LP_xxxx_ x64.msi |
---
**Got a suggestion for App-V**? Add or vote on [suggestions](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). <p><p>**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
@ -362,12 +159,3 @@ Use the following procedure to install the Microsoft Application Virtualization
[About Client Configuration Settings](about-client-configuration-settings.md)
[How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md)
 
 

8
windows/client-management/manage-settings-app-with-group-policy.md
View File

@ -23,7 +23,13 @@ To make use of the Settings App group polices on Windows server 2016, install fi
To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
This policy is available at **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
Policy paths:
**Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
**User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
![Settings page visibility policy](images/settings-page-visibility-gp.png)

6
windows/client-management/mdm/policy-csp-power.md
View File

@ -348,7 +348,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
<!--/Description-->
> [!TIP]
@ -412,7 +412,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
<!--/Description-->
> [!TIP]
@ -600,7 +600,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
<!--/Description-->
> [!TIP]

10
windows/deployment/deploy-m365.md
View File

@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: deploy
keywords: deployment, automate, tools, configure, mdt, sccm, M365
ms.localizationpriority: medium
ms.date: 04/23/2018
ms.date: 11/06/2018
author: greg-lindsay
---
@ -55,12 +55,8 @@ Examples of these two deployment advisors are shown below.
## Related Topics
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 
 
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)<br>
[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)

5
windows/deployment/deploy-whats-new.md
View File

@ -7,7 +7,7 @@ ms.localizationpriority: medium
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
ms.date: 09/12/2018
ms.date: 11/06/2018
author: greg-lindsay
---
@ -24,6 +24,9 @@ This topic provides an overview of new solutions and online content related to d
- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index).
- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).
## The Modern Desktop Deployment Center
The [Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
## Windows 10 servicing and support

6
windows/deployment/deploy.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 11/02/2017
ms.date: 11/06/2018
author: greg-lindsay
---
@ -29,6 +29,10 @@ Windows 10 upgrade options are discussed and information is provided about plann
|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
## Related topics
[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
 
 

1
windows/deployment/index.yml
View File

@ -46,6 +46,7 @@ sections:
text: "
<br>
<table border='0'>
<tr><td>[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) </td><td>Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Office 365 ProPlus deployments.</td>
<tr><td>[What's new in Windows 10 deployment](deploy-whats-new.md) </td><td>See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. </td>
<tr><td>[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) </td><td>To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. </td>
<tr><td>[Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) </td><td>Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creators Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). </td>

10
windows/deployment/update/device-health-get-started.md
View File

@ -1,11 +1,11 @@
---
title: Get started with Device Health
description: Configure Device Health in Azure Log Analytics to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
description: Configure Device Health in Azure Monitor to monitor health (such as crashes and sign-in failures) for your Windows 10 devices.
keywords: Device Health, oms, operations management suite, prerequisites, requirements, monitoring, crash, drivers, azure
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.date: 09/11/2018
ms.date: 10/29/2018
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
@ -26,7 +26,7 @@ This topic explains the steps necessary to configure your environment for Window
## Add the Device Health solution to your Azure subscription
Device Health is offered as a *solution* which you link to a new or existing [Azure Log Analytics](https://azure.microsoft.com/services/log-analytics/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
Device Health is offered as a *solution* which you link to a new or existing [Azure Monitor](https://azure.microsoft.com/services/monitor/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
@ -38,7 +38,7 @@ Device Health is offered as a *solution* which you link to a new or existing [Az
![Azure portal showing Device Health fly-in and Create button highlighted(images/CreateSolution-Part2-Create.png)](images/CreateSolution-Part2-Create.png)
3. Choose an existing workspace or create a new workspace to host the Device Health solution.
![Azure portal showing Log Analytics workspace fly-in](images/CreateSolution-Part3-Workspace.png)
![Azure portal showing Azure Monitor workspace fly-in](images/CreateSolution-Part3-Workspace.png)
- If you are using other Windows Analytics solutions (Upgrade Readiness or Update Compliance) you should add Device Health to the same workspace.
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
@ -48,7 +48,7 @@ Device Health is offered as a *solution* which you link to a new or existing [Az
4. Now that you have selected a workspace, you can go back to the Device Health blade and select **Create**.
![Azure portal showing workspace selected and with Create button highlighted](images/CreateSolution-Part4-WorkspaceSelected.png)
5. Watch for a Notification (in the Azure portal) that "Deployment 'Microsoft.DeviceHealth' to resource group 'YourResourceGroupName' was successful." and then select **Go to resource** This might take several minutes to appear.
![Azure portal all services page with Log Analytics found and selected as favorite](images/CreateSolution-Part5-GoToResource.png)
![Azure portal all services page with Azure Monitor found and selected as favorite](images/CreateSolution-Part5-GoToResource.png)
- Suggestion: Choose the **Pin to Dashboard** option to make it easy to navigate to your newly added Device Health solution.
- Suggestion: If a "resource unavailable" error occurs when navigating to the solution, try again after one hour.

2
windows/deployment/update/update-compliance-monitor.md
View File

@ -38,7 +38,7 @@ The Update Compliance architecture and data flow is summarized by the following
**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.<BR>
**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.<BR>
**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Log Analytics workspace.<BR>
**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.<BR>
**(4)** Diagnostic data is available in the Update Compliance solution.<BR>

14
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -4,10 +4,10 @@ description: A strong Windows 10 deployment strategy begins with establishing a
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
author: Jaimeo
ms.localizationpriority: medium
ms.author: daniha
ms.date: 07/27/2017
ms.author: jaimeo
ms.date: 11/02/2018
---
# Prepare servicing strategy for Windows 10 updates
@ -20,17 +20,17 @@ ms.date: 07/27/2017
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has completely changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they wont seem like substantial differences, like they do today. Figure 1 shows the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years.
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has completely changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they wont seem like substantial differences, like they do today. This image illustrates the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years.
**Figure 1**
![Compare traditional servicing to Windows 10](images/waas-strategy-fig1a.png)
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Heres an example of what this process might look like:
- **Configure test devices.** Configure testing PCs in the Windows Insider Program so that Insiders can test feature updates before theyre available to the Semi-annual Channel. Typically, this would be a small number of test machines that IT staff members use to evaluate prereleased builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
- **Identify excluded PCs.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these PCs, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-releas builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or System Center Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md).

6
windows/deployment/windows-10-deployment-scenarios.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.date: 04/03/2018
ms.date: 11/06/2018
author: greg-lindsay
---
@ -19,9 +19,9 @@ author: greg-lindsay
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.<br>&nbsp;
- Traditional deployment methods use existing tools to deploy operating system images.<br>&nbsp;
<table border="0">
<tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>

7
windows/deployment/windows-autopilot/autopilot-faq.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
ms.date: 10/31/2018
ms.date: 11/05/2018
---
# Windows Autopilot FAQ
@ -65,6 +65,11 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
| What is difference between OA3 Hardware Hash, 4K Hardware Hash, and Windows Autopilot Hardware Hash? | None. Theyre different names for the same thing. The Windows 10, 1703 version of the OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using a non-1703 version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
| What is the thought around parts replacement and/or repair for the NIC (network interface controller) and/or Disk? Will the Hardware Hash become invalid? | Yes. If you replace parts, you need to gather the new Hardware Hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, its a new device you MUST have new Hardware Hash. If you replace one network card, its probably not a new device, and the device will function with the old Hardware Hash. However, as a best practice, you should assume the old Hardware Hash is invalid and get a new Hardware Hash after any hardware changes this is Microsofts strong recommendation any time you replace parts. |
## Motherboard replacement
| Question | Answer |
| --- | --- |
| How does Autopilot handle motherboard replacement scenarios?” | Motherboard replacement is out for scope for Autopilot. Any device that is repaired or serviced in a way that alters the ability to identify the device for Windows Autopilot must go through the normal OOBE process, and manually select the right settings or apply a custom image - as is the case today. <br><br>To reuse the same device for Windows Autopilot after a motherboard replacement, the device would need to be de-registered from Autopilot, the motherboard replaced, a new 4K HH harvested, and then re-registered using the new 4K HH (or device ID). <br><br>**Note**: An OEM will not be able to use the OEM Direct API to re-register the device, since the the OEM Direct API only accepts a tuple or PKID. In this case, the OEM would either have to send the new 4K HH info via a CSV file to customer, and let customer reregister the device via MSfB or Intune.|
## SMBIOS

6
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
ms.date: 10/31/2018
ms.date: 11/05/2018
---
# Windows Autopilot for existing devices
@ -298,3 +298,7 @@ The Task Sequence will download content, reboot, format the drives and install W
Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. Once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. You can enable automatic registration for an assigned group using the **Convert all targeted devices to Autopilot** setting. For more information, see [Create an Autopilot deployment profile](https://docs.microsoft.com/en-us/intune/enrollment-autopilot#create-an-autopilot-deployment-profile).
Also see [Adding devices to Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/add-devices).
## Speeding up the deployment process
To remove around 20 minutes from the deployment process, see Michael Niehaus's blog with instructions for [Speeding up Windows Autopilot for existing devices](https://blogs.technet.microsoft.com/mniehaus/2018/10/25/speeding-up-windows-autopilot-for-existing-devices/).

6
windows/deployment/windows-autopilot/windows-10-autopilot.md
View File

@ -51,8 +51,8 @@ The Windows Autopilot Deployment Program enables you to:
##### Prerequisites
>[!NOTE]
>Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
>[!NOTE]
>Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
* [Devices must be registered to the organization](#device-registration-and-oobe-customization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
@ -126,7 +126,7 @@ To manage devices behind firewalls and proxy servers, the following URLs need to
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidelines for [Microsoft Intune](https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven

8
windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: Justinha
ms.date: 10/27/2017
ms.date: 11/06/2018
---
# Overview of BitLocker Device Encryption in Windows 10
@ -14,7 +14,7 @@ ms.date: 10/27/2017
**Applies to**
- Windows 10
This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10.
This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10.
For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview).
For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
@ -84,13 +84,13 @@ Exercise caution when encrypting only used space on an existing volume on which
SEDs have been available for years, but Microsoft couldnt support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives.
Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PCs processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements.
For more information about encrypted hard drives, see [Encrypted Hard Drive](/windows/security/hardware-protection/encrypted-hard-drive.md).
For more information about encrypted hard drives, see [Encrypted Hard Drive](../encrypted-hard-drive.md).
## Preboot information protection
An effective implementation of information protection, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it.
It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided.
Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md) and [Choose the right BitLocker countermeasure](choose-the-right-bitlocker-countermeasure.md).
Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices configuration they may not offer additional security when it comes to key protection. For more information, see [BitLocker Countermeasures](bitlocker-countermeasures.md).
## Manage passwords and PINs

2
windows/security/information-protection/windows-information-protection/wip-learning.md
View File

@ -97,4 +97,4 @@ Here, you can copy the **WipAppid** and use it to adjust your WIP protection pol
When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

2
windows/security/threat-protection/change-history-for-threat-protection.md
View File

@ -1,5 +1,5 @@
---
title: Change history for Windows Defender Advanced Threat Protection (Windows Defender ATP)
title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
description: This topic lists new and updated topics in the WWindows Defender ATP content set.
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/security/threat-protection/index.md
View File

@ -13,7 +13,7 @@ ms.date: 10/04/2018
---
# Threat Protection
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
<center><h2>Windows Defender ATP</center></h2>
<table>

BIN
windows/security/threat-protection/intelligence/images/PrevalentMalware-67-percent.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/security/threat-protection/intelligence/images/PrevalentMalware0818.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.5 KiB

BIN
windows/security/threat-protection/intelligence/images/PrevalentMalware1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

BIN
windows/security/threat-protection/intelligence/images/RealWorld-67-percent.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/security/threat-protection/intelligence/images/RealWorld0818.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 10 KiB

BIN
windows/security/threat-protection/intelligence/images/RealWorld1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

25
windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
View File

@ -29,9 +29,13 @@ In the real world, millions of devices are protected from cyberattacks every day
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) <sup>**Latest**</sup>
### July-August 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2018/microsoft-windows-defender-antivirus-4.12--4.18-183212/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y) <sup>**Latest**</sup>
Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware").
Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 20,022 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 9 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware").
### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports)
Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples.
### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)
@ -43,26 +47,31 @@ Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with
|||
|---|---|
|![Graph describing Real-World detection rate](./images/RealWorld-67-percent.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware-67-percent.png)|
|![Graph describing Real-World detection rate](./images/RealWorld1.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware1.png)|
<br></br>
![AV-Comparatives Logo](./images/av-comparatives-logo-3.png)
## AV-Comparatives: Perfect protection rating of 100% in the latest test
## AV-Comparatives: Protection rating of 99.8% in the latest test
AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions.
### Real-World Protection Test July (Consumer): [Protection Rate 100%](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) <sup>**Latest**</sup>
### Real-World Protection Test August - September (Enterprise): [Protection Rate 99.8%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-september-2018-testresult/) <sup>**Latest**</sup>
The results are based on testing against 186 malicious URLs that have working exploits or point directly to malware.
This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online.
The test set contained 599 test cases (such as malicious URLs).
### Malware Protection Test August 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-august-2018-testresult/)
This test, as defined by AV-Comparatives, attempts to assesses a security programs ability to protect a system against infection by malicious files before, during or after execution. The results are based on testing against 1,556 malware samples.
### Real-World Protection Test March - June (Enterprise): [Protection Rate 98.7%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-march-june-2018-testresult/)
This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online.
The test set contained 1,163 test cases (such as malicious URLs).
### Malware Protection Test March 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
This test, as defined by AV-Comparatives, attempts to assesses a security programs ability to protect a system against infection by malicious files before, during or after execution.
For this test, 1,470 recent malware samples were used.
[Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/)
<br></br>

2
windows/security/threat-protection/intelligence/understanding-malware.md
View File

@ -16,7 +16,7 @@ Malware is a term used to describe malicious applications and code that can caus
Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims.
As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Windows Defender Advanced Threat Protection (Windows Defender ATP), businesses can stay protected with next-generation protection and other security capabilities.
As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf), businesses can stay protected with next-generation protection and other security capabilities.
For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic.

2
windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
View File

@ -18,7 +18,7 @@ ms.date: 10/11/2018
Describes the Account Lockout Policy settings and links to information about each policy setting.
Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached. The Account Lockout Policy settings can be configured in the following location in the Group Policy Management Console: **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Account Lockout Policy**.
Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached. The Account Lockout Policy settings can be configured in the following location in the Group Policy Management Console: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Account Lockout Policy**.
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.

9
windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
ms.date: 10/26/2018
ms.date: 11/02/2018
---
# Account lockout threshold
@ -37,8 +37,11 @@ Because vulnerabilities can exist when this value is configured and when it is n
### Best practices
The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a value of 10 could be an acceptable starting point for your organization.
> **Important:**  Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.
The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend a value of 10 could be an acceptable starting point for your organization.
As with other account lockeout settings, this value is more of a guideline than a rule or best practice because there is no "one size fits all." For more information, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.
 
### Location

6
windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
ms.date: 10/26/2018
ms.date: 11/02/2018
---
# Reset account lockout counter after
@ -31,7 +31,9 @@ A disadvantage to setting this too high is that users lock themselves out for an
### Best practices
- You need to determine the threat level for your organization and balance that against the cost of your Help Desk support for password resets. Each organization will have specific requirements.
You need to determine the threat level for your organization and balance that against the cost of your Help Desk support for password resets. Each organization will have specific requirements.
[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15, but as with other account lockeout settings, this value is more of a guideline than a rule or best practice because there is no "one size fits all." For more information, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
### Location

2
windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.

2
windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can perform various Windows Defender Antivirus functions with the dedicated command-line tool mpcmdrun.exe.

2
windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can manage and configure Windows Defender Antivirus with the following tools:

2
windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
View File

@ -19,7 +19,7 @@ ms.date: 10/25/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
**Use Microsoft Intune to configure scanning options**

2
windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
Block at first sight is a feature of next gen protection that provides a way to detect and block new malware within seconds.

2
windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md).

2
windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus.

2
windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
View File

@ -18,7 +18,7 @@ ms.date: 09/03/2018
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans.

Some files were not shown because too many files have changed in this diff Show More