These settings configure the network connections for Chromebook devices and include the following settings categories:
Windows 8.1 deployment planning
Explore key considerations and questions that should be answered when planning for Windows 8.1 deployment.
Windows 8.1 deployment to PCs
Get an overview of Windows 8.1 deployment to PCs in an educational environment.
BYOD
Explore Bring Your Own Device (BYOD) considerations, including device types, infrastructure, and deployment models.
Deploying Windows RT 8.1
Get step-by-step instructions on how to configure and deploy Windows RT devices (like Surface and other tablets) in educational environments.
Virtual Desktop Infrastructure
Learn how to address challenges related to BYOD scenarios using Virtual Desktop Infrastructure (VDI).
Microsoft Store apps
Explore Microsoft Store app deployment strategies and considerations for educational institutions running Windows 8.1.
Windows To Go
Learn about the benefits, limitations, and processes involved in deploying Windows To Go.
The root node. +The root node. -
Supported operation is Get. +Supported operation is Get. **ApprovedUpdates** -
Node for update approvals and EULA acceptance on behalf of the end-user. +Node for update approvals and EULA acceptance on behalf of the end-user. > [!NOTE] > When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list. -
The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update. +The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update. -
The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID. +The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (that is, updates to the virus and spyware definitions on devices) and Security Updates (that is, product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID. > [!NOTE] > For the Windows 10 build, the client may need to reboot after additional updates are added. -
Supported operations are Get and Add. +Supported operations are Get and Add. **ApprovedUpdates/_Approved Update Guid_** -
Specifies the update GUID. +Specifies the update GUID. -
To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. +To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These GUIDs are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. -
Supported operations are Get and Add. +Supported operations are Get and Add. -
Sample syncml:
+Sample syncml:
```
Specifies the time the update gets approved. +Specifies the time the update gets approved. -
Supported operations are Get and Add. +Supported operations are Get and Add. **FailedUpdates** -
Specifies the approved updates that failed to install on a device. +Specifies the approved updates that failed to install on a device. -
Supported operation is Get. +Supported operation is Get. **FailedUpdates/_Failed Update Guid_** -
Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install. +Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install. -
Supported operation is Get. +Supported operation is Get. **FailedUpdates/*Failed Update Guid*/HResult** -
The update failure error code. +The update failure error code. -
Supported operation is Get. +Supported operation is Get. -**FailedUpdates/*Failed Update Guid*/Status** -
Specifies the failed update status (for example, download, install). +**FailedUpdates/*Failed Update Guid*/State** +Specifies the failed update state. -
Supported operation is Get. +| Update Status | Integer Value | +| -------------------------- | ------------- | +| UpdateStatusNewUpdate | 1 | +| UpdateStatusReadyToDownload| 2 | +| UpdateStatusDownloading | 4 | +| UpdateStatusDownloadBlocked| 8 | +| UpdateStatusDownloadFailed | 16 | +| UpdateStatusReadyToInstall | 32 | +| UpdateStatusInstalling | 64 | +| UpdateStatusInstallBlocked | 128 | +| UpdateStatusInstallFailed | 256 | +| UpdateStatusRebootRequired | 512 | +| UpdateStatusUpdateCompleted| 1024 | +| UpdateStatusCommitFailed | 2048 | +| UpdateStatusPostReboot | 4096 | + +Supported operation is Get. **FailedUpdates/*Failed Update Guid*/RevisionNumber** -
Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. +Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. -
Supported operation is Get. +Supported operation is Get. **InstalledUpdates** -
The updates that are installed on the device. +The updates that are installed on the device. -
Supported operation is Get. +Supported operation is Get. **InstalledUpdates/_Installed Update Guid_** -
UpdateIDs that represent the updates installed on a device. +UpdateIDs that represent the updates installed on a device. -
Supported operation is Get. +Supported operation is Get. **InstalledUpdates/*Installed Update Guid*/RevisionNumber** -
Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. +Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. -
Supported operation is Get. +Supported operation is Get. **InstallableUpdates** -
The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved. +The updates that are applicable and not yet installed on the device. These updates include updates that aren't yet approved. -
Supported operation is Get. +Supported operation is Get. **InstallableUpdates/_Installable Update Guid_** -
Update identifiers that represent the updates applicable and not installed on a device. +Update identifiers that represent the updates applicable and not installed on a device. -
Supported operation is Get. +Supported operation is Get. **InstallableUpdates/*Installable Update Guid*/Type** -
The UpdateClassification value of the update. Valid values are: +The UpdateClassification value of the update. Valid values are: - 0 - None - 1 - Security - 2 - Critical -
Supported operation is Get. +Supported operation is Get. **InstallableUpdates/*Installable Update Guid*/RevisionNumber** -
The revision number for the update that must be passed in server to server sync to get the metadata for the update. +The revision number for the update that must be passed in server to server sync to get the metadata for the update. -
Supported operation is Get. +Supported operation is Get. **PendingRebootUpdates** -
The updates that require a reboot to complete the update session. +The updates that require a reboot to complete the update session. -
Supported operation is Get. +Supported operation is Get. **PendingRebootUpdates/_Pending Reboot Update Guid_** -
Update identifiers for the pending reboot state. +Update identifiers for the pending reboot state. -
Supported operation is Get. +Supported operation is Get. **PendingRebootUpdates/*Pending Reboot Update Guid*/InstalledTime** -
The time the update is installed. +The time the update is installed. -
Supported operation is Get. +Supported operation is Get. **PendingRebootUpdates/*Pending Reboot Update Guid*/RevisionNumber** -
Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. +Added in Windows 10, version 1703. The revision number for the update that must be passed in server to server sync to get the metadata for the update. -
Supported operation is Get. +Supported operation is Get. **LastSuccessfulScanTime** -
The last successful scan time. +The last successful scan time. -
Supported operation is Get. +Supported operation is Get. **DeferUpgrade** -
Upgrades deferred until the next period. +Upgrades deferred until the next period. -
Supported operation is Get.
+Supported operation is Get.
**Rollback**
Added in Windows 10, version 1803. Node for the rollback operations.
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 2bb3347699..20a3da3401 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
-ms.date: 06/02/2023
+ms.date: 12/06/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the V
- Assign [group accounts to a config profile](#config-for-group-accounts)
- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 |
| - Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)
- [Automatically launch an app](#allowedapps) when the user signs in
- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809
**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `https://schemas.microsoft.com/AssignedAccess/201810/config`. |
->[!WARNING]
->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
+> [!WARNING]
+> The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
->[!TIP]
->Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
+> [!TIP]
+> Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
@@ -62,7 +55,7 @@ Process:
Watch how to use a provisioning package to configure a multi-app kiosk.
->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#use-mdm-to-deploy-the-multi-app-configuration), or you can configure assigned access using the [MDM Bridge WMI Provider](kiosk-mdm-bridge.md).
@@ -71,8 +64,8 @@ If you don't want to use a provisioning package, you can deploy the configuratio
- Windows Configuration Designer (Windows 10, version 1709 or later)
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 or later
->[!NOTE]
->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
+> [!NOTE]
+> For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk.
### Create XML file
@@ -198,7 +191,7 @@ Starting in Windows 10 version 1809, you can explicitly allow some known folders
The following example shows how to allow user access to the Downloads folder in the common file dialog box.
->[!TIP]
+> [!TIP]
> To grant access to the Downloads folder through File Explorer, add "Explorer.exe" to the list of allowed apps, and pin a file explorer shortcut to the kiosk start menu.
```xml
@@ -278,8 +271,8 @@ The following example pins Groove Music, Movies & TV, Photos, Weather, Calculato
```
->[!NOTE]
->If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
+> [!NOTE]
+> If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
@@ -299,8 +292,8 @@ The following example hides the taskbar:
+- [Overview of Windows 11](/windows/whats-new/windows-11).
+- [Plan for Windows 11](/windows/whats-new/windows-11-plan).
+- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare).
+- [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is available.
## Deployment tools
-[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later, and Windows 11.
-New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
-VPN support is added to [Windows Autopilot](#windows-autopilot)
-An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).
-The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.
+- [SetupDiag](#setupdiag) is included with all currently supported versions of Windows.
+- New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
+- VPN support is added to [Windows Autopilot](#windows-autopilot).
+- An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).
## The Modern Desktop Deployment Center
-The [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Microsoft 365 Apps for enterprise.
+The [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) has content to help you with large-scale deployment of supported version of Windows and Microsoft 365 Apps for enterprise.
## Microsoft 365
-Microsoft 365 is a new offering from Microsoft that combines
+Microsoft 365 is a new offering from Microsoft that combines:
-- Windows 10
-- Office 365
+- A currently supported version of Windows.
+- Office 365.
- Enterprise Mobility and Security (EMS).
-See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
+See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
-## Windows 10 servicing and support
+## Windows servicing and support
### Delivery Optimization
-Windows PowerShell cmdlets for Delivery Optimization have been improved:
+Windows PowerShell cmdlets for Delivery Optimization is improved:
-- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
+- **Get-DeliveryOptimizationStatus** has the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
@@ -79,29 +75,36 @@ Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
-- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth)
- - Reason: Replaced with separate policies for foreground and background
-- Max Upload Bandwidth (DOMaxUploadBandwidth)
+- Percentage of Maximum Download Bandwidth (DOPercentageMaxDownloadBandwidth).
+ - Reason: Replaced with separate policies for foreground and background.
+- Max Upload Bandwidth (DOMaxUploadBandwidth).
- Reason: impacts uploads to internet peers only, which isn't used in enterprises.
-- Absolute max throttle (DOMaxDownloadBandwidth)
- - Reason: separated to foreground and background
+- Absolute max throttle (DOMaxDownloadBandwidth).
+ - Reason: separated to foreground and background.
### Windows Update for Business
[Windows Update for Business](./update/waas-manage-updates-wufb.md) enhancements in this release include:
-- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
-- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we've created a new policy that enables admins to opt devices out of the built-in safeguard holds.
+- **Intune console updates**: target version is now available allowing you to specify which supported version of Windows you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
+
+- **Validation improvements**: To ensure devices and end users stay productive and protected, Microsoft blocks devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, a new policy is available that enables admins to opt devices out of the built-in safeguard holds.
+
+- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows automatically signs in as the user and locks their device in order to complete the update. This automatic sign-on ensures that when the user returns and unlocks the device, the update is completed.
+
+- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There's now a single, common start date for phased deployments (no more SAC-T designation). In addition, there's a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
-- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
-- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
-- **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again.
-- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
-- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
-- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the table below.
+- **Pause updates**: The ability to pause updates for both feature and monthly updates is extended. This extension ability is for all currently supported editions of Windows, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, the device needs to update before pausing again.
+
+- **Improved update notifications**: When there's an update requiring you to restart your device, a colored dot appears on the Power button in the Start menu and on the Windows icon in the taskbar.
+
+- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
+
+- **Improved update orchestration to improve system responsiveness**: This feature improves system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
+
+Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the following table:
@@ -111,7 +114,7 @@ Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Mi
Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
-For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md)
+For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
## Deployment solutions and tools
@@ -119,17 +122,17 @@ For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterpris
[Windows Autopilot](/windows/deployment/windows-autopilot/windows-autopilot) streamlines and automates the process of setting up and configuring new devices, with minimal interaction required from the end user. You can also use Windows Autopilot to reset, repurpose, and recover devices.
-With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
+With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Microsoft Entra hybrid join with VPN support.
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
+If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
The following Windows Autopilot features are available in Windows 10, version 1903 and later:
-- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
+- [Windows Autopilot for pre-provisioned deployment](/autopilot/pre-provision) is new in Windows 10, version 1903. Pre-provisioned deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
- The Intune [enrollment status page](/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover](/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
-- Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
+- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates begin downloading automatically during OOBE.
+- Windows Autopilot sets the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Microsoft Configuration Manager
@@ -137,25 +140,21 @@ An in-place upgrade wizard is available in Configuration Manager. For more infor
### Windows 10 Subscription Activation
-Windows 10 Education support has been added to Windows 10 Subscription Activation.
+Windows 10 Education support is added to Windows 10 Subscription Activation.
With Windows 10, version 1903, you can step up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions - Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md).
### SetupDiag
-[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
+[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why an update of Windows failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
-In Windows 10, version 2004, SetupDiag is now automatically installed.
-
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there's an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
+During the upgrade process, Windows Setup extracts all its sources files to the `%SystemDrive%\$Windows.~bt\Sources` directory. **SetupDiag.exe** is also installed to this directory. If there's an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under `%SystemDrive%\Windows.Old` for cleanup.
### Upgrade Readiness
-The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017.
+Upgrade Readiness helps you ensure that applications and drivers are ready for an upgrade of Windows. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details.
-Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details.
-
-The development of Upgrade Readiness has been heavily influenced by input from the community; the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
+Input from the community heavily influenced the development of Upgrade Readiness and the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
For more information about Upgrade Readiness, see the following articles:
@@ -164,7 +163,7 @@ For more information about Upgrade Readiness, see the following articles:
### Update Compliance
-Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date.
+Update Compliance helps you to keep supported Windows devices in your organization secure and up-to-date.
Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues.
@@ -172,31 +171,35 @@ For more information about Update Compliance, see [Monitor Windows Updates with
### Device Health
-Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by helping to identify devices crashes and the cause. Device drivers that are causing crashes are identified along with alternative drivers that might reduce the number of crashes. Windows Information Protection misconfigurations are also identified. For more information, see [Monitor the health of devices with Device Health](/mem/configmgr/desktop-analytics/overview)
+Device Health is the newest Windows Analytics solution that complements the existing Upgrade Readiness and Update Compliance solutions by helping to identify devices crashes and the cause. Device drivers that are causing crashes are identified along with alternative drivers that might reduce the number of crashes. Windows Information Protection misconfigurations are also identified. For more information, see [Monitor the health of devices with Device Health](/mem/configmgr/desktop-analytics/overview).
### MBR2GPT
MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT.
-There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
+There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of supported versions of Windows that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT)
-MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There's currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
+MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019.
For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
+> [!IMPORTANT]
+>
+> MDT doesn't support versions of Windows after Windows 10 and Windows Server 2019.
+
### Windows Assessment and Deployment Kit (ADK)
-The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
+IT Pros can use the tools in the Windows Assessment and Deployment Kit (Windows ADK) to deploy Windows.
Download the Windows ADK and Windows PE add-on for Windows 11 [here](/windows-hardware/get-started/adk-install).
For information about what's new in the ADK, see [What's new in the Windows ADK](/windows-hardware/get-started/what-s-new-in-kits-and-tools).
-Also see [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+Also see [Windows ADK for Windows scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
## Testing and validation guidance
@@ -206,19 +209,19 @@ The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual
For more information, see the following guides:
-- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
-- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md)
+- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md).
+- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md).
+- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md).
## Troubleshooting guidance
-[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The article provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
+[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and continues to be updated with new fixes. The article provides a detailed explanation of the Windows upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process.
## Related articles
-[Overview of Windows as a service](update/waas-overview.md)
-[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
-[Windows 10 release information](/windows/windows-10/release-information)
-[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
-[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
+- [Overview of Windows as a service](update/waas-overview.md).
+- [Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md).
+- [Windows 10 release information](/windows/windows-10/release-information).
+- [Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications).
+- [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md).
+- [Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md).
diff --git a/windows/deployment/do/images/assigning-ip-2.png b/windows/deployment/do/images/assigning-ip-2.png
new file mode 100644
index 0000000000..4403b7e68b
Binary files /dev/null and b/windows/deployment/do/images/assigning-ip-2.png differ
diff --git a/windows/deployment/do/images/external-switch-1.jpg b/windows/deployment/do/images/external-switch-1.jpg
new file mode 100644
index 0000000000..7248d30ebe
Binary files /dev/null and b/windows/deployment/do/images/external-switch-1.jpg differ
diff --git a/windows/deployment/do/images/installation-complete-7.png b/windows/deployment/do/images/installation-complete-7.png
new file mode 100644
index 0000000000..8b1517348a
Binary files /dev/null and b/windows/deployment/do/images/installation-complete-7.png differ
diff --git a/windows/deployment/do/images/installation-info-4.png b/windows/deployment/do/images/installation-info-4.png
new file mode 100644
index 0000000000..41c2121e72
Binary files /dev/null and b/windows/deployment/do/images/installation-info-4.png differ
diff --git a/windows/deployment/do/images/memory-storage-5.png b/windows/deployment/do/images/memory-storage-5.png
new file mode 100644
index 0000000000..8e5b56f5c2
Binary files /dev/null and b/windows/deployment/do/images/memory-storage-5.png differ
diff --git a/windows/deployment/do/images/portal-installation-instructions-6.png b/windows/deployment/do/images/portal-installation-instructions-6.png
new file mode 100644
index 0000000000..201a1aa1d6
Binary files /dev/null and b/windows/deployment/do/images/portal-installation-instructions-6.png differ
diff --git a/windows/deployment/do/images/use-custom-dns-3.png b/windows/deployment/do/images/use-custom-dns-3.png
new file mode 100644
index 0000000000..90ef151c05
Binary files /dev/null and b/windows/deployment/do/images/use-custom-dns-3.png differ
diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml
index c886372c0f..e34d7b6de7 100644
--- a/windows/deployment/do/index.yml
+++ b/windows/deployment/do/index.yml
@@ -15,7 +15,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 03/07/2022 #Required; mm/dd/yyyy format.
+ ms.date: 12/22/2023 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
index 1192eaf675..ec13e41993 100644
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ b/windows/deployment/do/mcc-enterprise-appendix.md
@@ -15,7 +15,7 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Microsoft Connected Cache for Enterprise and Education
-ms.date: 02/06/2023
+ms.date: 11/07/2023
---
# Appendix
@@ -37,10 +37,10 @@ Most customers choose to install their cache node on a Windows Server with a nes
### Installing on VMware
-We've seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made:
+Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made. Ensure the VM is turned off before making the following configuration changes:
1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**.
-1. Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to **Yes**.
+1. Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"** is switched to **Yes**.
### Installing on Hyper-V
@@ -136,4 +136,4 @@ To verify that the Delivery Optimization client can download content using MCC,
- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
-- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
\ No newline at end of file
+- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md
index 10f5b9cddf..65d63be915 100644
--- a/windows/deployment/do/mcc-enterprise-deploy.md
+++ b/windows/deployment/do/mcc-enterprise-deploy.md
@@ -13,7 +13,7 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Microsoft Connected Cache for Enterprise and Education
-ms.date: 03/10/2023
+ms.date: 11/09/2023
---
# Deploy your cache node
@@ -29,7 +29,7 @@ To deploy MCC to your server:
1. [Create an MCC Node](#create-an-mcc-node-in-azure)
1. [Edit Cache Node Information](#edit-cache-node-information)
1. [Install MCC on a physical server or VM](#install-mcc-on-windows)
-1. [Verify proper functioning MCC server](#verify-proper-functioning-mcc-server)
+1. [Verify MCC functionality](#verify-mcc-server-functionality)
1. [Review common Issues](#common-issues) if needed.
For questions regarding these instructions contact [msconnectedcache@microsoft.com](mailto:msconnectedcache@microsoft.com)
@@ -194,12 +194,15 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
>
> [D] Do not run **[R] Run once** [S] Suspend [?] Help (default is "D"):
-1. Choose whether you would like to create a new virtual switch or select an existing one. Name your switch and select the Net Adapter to use for the switch. A computer restart will be required if you're creating a new switch.
+1. Choose whether you would like to create a new external virtual switch or select an existing external virtual switch.
+ If creating a new external virtual switch, name your switch and be sure to choose a Local Area Connection (USB adapters work as well however, we do not recommend using Wi-Fi). A computer restart will be required if you're creating a new switch.
> [!NOTE]
> Restarting your computer after creating a switch is recommended. You'll notice network delays during installation if the computer has not been restarted.
- If you restarted your computer after creating a switch, start from Step 2 above and skip step 5.
+ If you restarted your computer after creating a switch, start from step 2 above and skip to step 5.
+
+ If you opt to use an existing external switch, select the switch from the presented options. Local Area Connection (or USB) is preferable to Wi-Fi.
:::image type="content" source="./images/ent-mcc-script-new-switch.png" alt-text="Screenshot of the installer script running in PowerShell when a new switch is created." lightbox="./images/ent-mcc-script-new-switch.png":::
@@ -207,34 +210,46 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p
:::image type="content" source="./images/ent-mcc-script-existing-switch.png" alt-text="Screenshot of the installer script running in PowerShell when using an existing switch." lightbox="./images/ent-mcc-script-existing-switch.png":::
-1. Decide whether you would like to use dynamic or static address for the Eflow VM
+1. Decide whether you would like to use dynamic or static address for the Eflow VM. If you choose to use a static IP, do not use the IP address of the server. It is a VM, and it will have its own IP.
:::image type="content" source="./images/ent-mcc-script-dynamic-address.png" alt-text="Screenshot of the installer script running in PowerShell asking if you'd like to use a dynamic address." lightbox="./images/ent-mcc-script-dynamic-address.png":::
> [!NOTE]
> Choosing a dynamic IP address might assign a different IP address when the MCC restarts. A static IP address is recommended so you don't have to change this value in your management solution when MCC restarts.
-1. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and how many cores you would like to allocate for the VM. For this example, we chose the default values for all prompts.
-
-1. Follow the Azure Device Login link and sign into the Azure portal.
-
- :::image type="content" source="./images/ent-mcc-script-device-code.png" alt-text="Screenshot of the installer script running in PowerShell displaying the code and URL to use for the Azure portal." lightbox="./images/ent-mcc-script-device-code.png":::
-
-1. If this is your first MCC deployment, select **n** so that a new IoT Hub can be created. If you have already configured MCC before, choose **y** so that your MCCs are grouped in the same IoT Hub.
+ The IP address you assign to the EFLOW VM should be within the same subnet as the host server (based on the subnet mask) and not used by any other machine on the network.
+ For example, for host configuration where the server IP Address is 192.168.1.202 and the subnet mask is 255.255.255.0, the static IP can be anything 192.168.1.* except 192.168.1.202.
+
+ :::image type="content" source="./images/external-switch-1.jpg" alt-text="Screenshot of a sample output of ipconfig command showing example of subnet mask." lightbox="./images/external-switch-1.jpg":::
+ :::image type="content" source="./images/assigning-ip-2.png" alt-text="Screenshot of multiple installer questions about ipv4 address for Eflow." lightbox="./images/assigning-ip-2.png":::
+
+ If you would like to use your own DNS server instead of Google DNS 8.8.8.8, select **n** and set your own DNS server IP.
+ :::image type="content" source="./images/use-custom-dns-3.png" alt-text="Screenshot of multiple installer questions about setting an alternate DNS server." lightbox="./images/use-custom-dns-3.png":::
+ If you use a dynamic IP address, the DHCP server will automatically configure the IP address and DNS settings.
+
+1. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and how many cores you would like to allocate for the VM. For this example, we chose the default values for download path, install path, and virtual hard disk path.
+
+ :::image type="content" source="./images/installation-info-4.png" alt-text="Screenshot of multiple installer questions about memory and storage for EFLOW." lightbox="./images/installation-info-4.png":::
+ For more information, see [Sizing Recommendations](mcc-enterprise-prerequisites.md#sizing-recommendations) for memory, virtual storage, and CPU cores. For this example we chose the recommend values for a Branch Office/Small Enterprise deployment.
+
+ :::image type="content" source="./images/memory-storage-5.png" alt-text="Screenshot of multiple installer questions about memory and storage." lightbox="./images/memory-storage-5.png":::
+
+1. When the installation is complete, you should see the following output (the values below will be your own)
:::image type="content" source="./images/ent-mcc-script-complete.png" alt-text="Screenshot of the installer script displaying the completion summary in PowerShell." lightbox="./images/ent-mcc-script-complete.png":::
-
+
+ :::image type="content" source="./images/installation-complete-7.png" alt-text="Screenshot of expected output when installation is complete." lightbox="./images/installation-complete-7.png":::
1. Your MCC deployment is now complete.
+ If you don't see any errors, continue to the next section to validate your MCC deployment. Your VM will not appear in Hyper-V Manager as it is an EFLOW VM.
+ - After validating your MCC is properly functional, review your management solution documentation, such as [Intune](/mem/intune/configuration/delivery-optimization-windows), to set the cache host policy to the IP address of your MCC.
+ - If you had errors during your deployment, see the [Common Issues](#common-issues) section in this article.
- 1. If you don't see any errors, continue to the next section to validate your MCC deployment. Your VM will not appear in Hyper-V Manager as it is an EFLOW VM.
- 1. After validating your MCC is properly functional, review your management solution documentation, such as [Intune](/mem/intune/configuration/delivery-optimization-windows), to set the cache host policy to the IP address of your MCC.
- 1. If you had errors during your deployment, see the [Common Issues](#common-issues) section in this article.
-
-## Verify proper functioning MCC server
+## Verify MCC server functionality
#### Verify client side
@@ -251,14 +266,20 @@ Connect to the EFLOW VM and check if MCC is properly running:
:::image type="content" source="./images/ent-mcc-connect-eflowvm.png" alt-text="Screenshot of running connect-EflowVm, sudo -s, and iotedge list from PowerShell." lightbox="./images/ent-mcc-connect-eflowvm.png":::
-You should see MCC, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not MCC, try this command in a few minutes. The MCC container can take a few minutes to deploy.
+You should see MCC, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not MCC, try this command in a few minutes. The MCC container can take a few minutes to deploy. If iotedge list times out, you can run docker ps -a to list the running containers.
+If the 3 containers are still not running, run the following commands to check if DNS resolution is working correctly:
+```bash
+ping www.microsoft.com
+resolvectl query microsoft.com
+```
+See the [common issues](#common-issues) section for more information.
#### Verify server side
-For a validation of properly functioning MCC, execute the following command in the EFLOW VM or any device in the network. Replace
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new ESP is created by shrinking the OS partition.|
+|**/allowFullOS**| By default, `MBR2GPT.exe` can only run from Windows PE and is blocked from running in full Windows. This option overrides this block and enables disk conversion while running in the full Windows environment.
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new EFI system partition is created by shrinking the OS partition.|
## Examples
@@ -83,7 +82,7 @@ If any of these checks fails, the conversion won't proceed, and an error will be
In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location of **`%windir%`**.
```cmd
-X:\>mbr2gpt.exe /validate /disk:0
+X:\> mbr2gpt.exe /validate /disk:0
MBR2GPT: Attempting to validate disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512
@@ -94,19 +93,24 @@ MBR2GPT: Validation completed successfully
In the following example:
-1. Using DiskPart, the current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0.
+1. The current disk partition layout is displayed prior to conversion using DiskPart - three partitions are present on the MBR disk (disk 0):
-2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](/windows/win32/fileio/disk-partition-types) is **07** corresponding to the installable file system (IFS) type.
+ - A system reserved partition.
+ - A Windows partition.
+ - A recovery partition.
+ - A DVD-ROM is also present as volume 0.
-3. The MBR2GPT tool is used to convert disk 0.
+1. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](/windows/win32/fileio/disk-partition-types) is **07** corresponding to the installable file system (IFS) type.
-4. The DiskPart tool displays that disk 0 is now using the GPT format.
+1. The MBR2GPT tool is used to convert disk 0.
-5. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
+1. The DiskPart tool displays that disk 0 is now using the GPT format.
-6. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type.
+1. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3).
-As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly.
+1. The OS volume is selected again. The detail displays that the OS volume is converted to the [GPT partition type](/windows/win32/api/winioctl/ns-winioctl-partition_information_gpt) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type.
+
+As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition boots properly.
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
-
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index 89a981ff58..f5f57bd6c5 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -18,9 +18,9 @@ ms.date: 12/31/2017
# Create a deployment plan
-A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
+A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. Once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
-When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
+When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows clients are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
At the highest level, each ring comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
@@ -43,10 +43,10 @@ There are no definite rules for exactly how many rings to have for your deployme
## Advancing between rings
-There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
+There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project-based.
-- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
-- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
+- "Red button" (service-based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
+- "Green button" (project-based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal.
@@ -60,9 +60,9 @@ The purpose of the Preview ring is to evaluate the new features of the update. I
### Who goes in the Preview ring?
-The Preview ring users are the most tech savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
+The Preview ring users are the most tech-savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
-During your plan and prepare phases, you should focus on the following activities:
+During your plan and preparation phases, you should focus on the following activities:
- Work with Windows Insider Preview builds.
- Identify the features and functionality your organization can or wants to use.
@@ -87,7 +87,7 @@ Analytics can help with defining a good Limited ring of representative devices a
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don't have the applications or device drivers that are truly a representative sample of your network.
-During your pilot and validate phases, you should focus on the following activities:
+During your pilot and validation phases, you should focus on the following activities:
- Deploy new innovations.
- Assess and act if issues are encountered.
@@ -104,7 +104,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period,
In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision), a broad deployment can occur relatively quickly.
> [!NOTE]
-> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices.
+> In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission-critical devices.
During the broad deployment phase, you should focus on the following activities:
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 58d36aae43..b3fa2680c5 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -27,7 +27,7 @@ Windows Update for Business product family has three elements:
- [Windows Update for Business reports](wufb-reports-overview.md) to monitor update deployment
- Deployment service APIs to approve and schedule specific updates for deployment, which are available through the Microsoft Graph and associated SDKs (including PowerShell)
-The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the[Windows Update for Business reports workbook](wufb-reports-workbook.md).
+The deployment service complements existing Windows Update for Business capabilities, including existing device policies and the [Windows Update for Business reports workbook](wufb-reports-workbook.md).
:::image type="content" source="media/7512398-deployment-service-overview.png" alt-text="Diagram displaying the three elements that are parts of the Windows Update for Business family.":::
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 6a83bab027..9352455d20 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -11,22 +11,22 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 10/31/2023
---
# Evaluate infrastructure and tools
-Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
+Before you deploy an update, assess your deployment infrastructure. For example, management systems like Configuration Manager, Microsoft Intune, or similar. Also assess current configurations such as security baselines, administrative templates, and policies that affect updates. Then set some criteria to define your operational readiness.
## Infrastructure
Do your deployment tools need updates?
-- If you use Configuration Manager, is it on the Current Branch with the latest release installed.? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
+- If you use Configuration Manager, is it on the current branch with the latest release installed? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
- Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows client feature update.
-Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so.
+Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered.
## Device settings
@@ -36,35 +36,35 @@ Make sure your security baseline, administrative templates, and policies have th
Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows client update are set properly.
-- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
-- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you are about to deploy.
+- **Microsoft security baselines**: You should implement security baselines from Microsoft. They're included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
+- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you're about to deploy.
### Configuration updates
-There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
+There are several Windows policies that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. For example, policies set by group policy, Intune, or other methods. Check these policies to make sure they're set appropriately.
-- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
-- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.
+- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 23H2](https://www.microsoft.com/download/details.aspx?id=105667).
+- **Policies for update compliance and end-user experience**: Several settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.
## Define operational readiness criteria
-When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
+When you deploy an update, you need to make sure the update isn't introducing new operational issues. If incidents arise, make sure the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
- **Call trend**: Define what percentage increase in calls relating to Windows client feature updates are acceptable or can be supported.
- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows client feature updates are acceptable or can be supported.
- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows client feature update.
-- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update.
+- **Process changes:** Define and update any processes that will change as a result of the Windows feature update.
-Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
+Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
## Tasks
Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. To help you keep track, you can classify the work into the following overarching tasks:
-- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they’ve all been defined.
-- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that have been identified for the update.
+- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they've all been defined.
+- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that you identified for the update.
- **Define infrastructure update plan**: Detail how your infrastructure must change to support the update.
-- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when it’s been deployed.
-- **Identify gaps that require attention**: Identify issues that will need to be addressed to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
+- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when you deploy it.
+- **Identify gaps that require attention**: Identify issues that you'll need to address to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
- **Define operational update plan**: Detail how your operational services and processes must change to support the update.
diff --git a/windows/deployment/update/includes/wufb-reports-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
index 388592c36c..88fd5d146e 100644
--- a/windows/deployment/update/includes/wufb-reports-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -5,10 +5,11 @@ manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
-ms.date: 08/21/2023
+ms.date: 12/15/2023
ms.localizationpriority: medium
---
-
+
+
Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
@@ -20,5 +21,5 @@ Devices must be able to contact the following endpoints in order to authenticate
| `settings-win.data.microsoft.com` | Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. |
| `adl.windows.com` | Required for Windows Update functionality. |
| `oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
-| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
-| `*.blob.core.windows.net` | Azure blob data storage.|
\ No newline at end of file
+| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices aren't visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
+| `ceuswatcab01.blob.core.windows.net`
`ceuswatcab02.blob.core.windows.net`
`eaus2watcab01.blob.core.windows.net`
`eaus2watcab02.blob.core.windows.net`
`weus2watcab01.blob.core.windows.net`
`weus2watcab02.blob.core.windows.net` | Azure blob data storage. |
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index e2f3ab0e3c..baae39d605 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -12,7 +12,8 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 07/17/2023
+- ✅ Windows Server
+ms.date: 12/05/2023
---
# Update Windows installation media with Dynamic Update
@@ -83,24 +84,24 @@ Properly updating the installation media involves a large number of actions oper
This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding boot manager from WinPE to the new media (28).
-|Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media |
-|-----------------------------------|-------------------|------------------|--------------------------------|-----------|
-|Add servicing stack Dynamic Update | 1 | 9 | 18 | |
-|Add language pack | 2 | 10 | 19 | |
-|Add localized optional packages | 3 | 11 | | |
-|Add font support | 4 | 12 | | |
-|Add text-to-speech | 5 | 13 | | |
-|Update Lang.ini | | 14 | | |
-|Add Features on Demand | | | 20 | |
-|Add Safe OS Dynamic Update | 6 | | | |
-|Add Setup Dynamic Update | | | | 26 |
-|Add setup.exe from WinPE | | | | 27 |
-|Add boot manager from WinPE | | | | 28 |
-|Add latest cumulative update | | 15 | 21 | |
-|Clean up the image | 7 | 16 | 22 | |
-|Add Optional Components | | | 23 | |
-|Add .NET and .NET cumulative updates | | | 24 | |
-|Export image | 8 | 17 | 25 | |
+|Task |WinRE (winre.wim) |Operating system (install.wim) | WinPE (boot.wim) | New media |
+|-----------------------------------|-------------------|--------------------------------|------------------|-----------|
+|Add servicing stack Dynamic Update | 1 | 9 | 17 | |
+|Add language pack | 2 | 10 | 18 | |
+|Add localized optional packages | 3 | | 19 | |
+|Add font support | 4 | | 20 | |
+|Add text-to-speech | 5 | | 21 | |
+|Update Lang.ini | | | 22 | |
+|Add Features on Demand | | 11 | | |
+|Add Safe OS Dynamic Update | 6 | | | |
+|Add Setup Dynamic Update | | | | 26 |
+|Add setup.exe from WinPE | | | | 27 |
+|Add boot manager from WinPE | | | | 28 |
+|Add latest cumulative update | | 12 | 23 | |
+|Clean up the image | 7 | 13 | 24 | |
+|Add Optional Components | | 14 | | |
+|Add .NET and .NET cumulative updates | | 15 | | |
+|Export image | 8 | 16 | 25 | |
> [!NOTE]
> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](./servicing-stack-updates.md).
@@ -110,13 +111,13 @@ This table shows the correct sequence for applying the various tasks to the file
### Multiple Windows editions
-The main operating system file (install.wim) contains multiple editions of Windows. It's possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
+The main operating system file (install.wim) might contain multiple editions of Windows. It's possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
### Additional languages and features
-You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what is in your starting image. To do this, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image.
+You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what's in your starting image. When you add more languages and features, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image.
-Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid this. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
+Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid the cleanup failure. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
## Windows PowerShell scripts to apply Dynamic Updates to an existing image
@@ -130,7 +131,7 @@ These examples are for illustration only, and therefore lack error handling. The
### Get started
-The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there's a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they aren't read-only.
+The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there's a script error and it's necessary to start over from a known state. Also, it provides a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they aren't read-only.
```powershell
#Requires -RunAsAdministrator
@@ -194,128 +195,231 @@ Copy-Item -Path $MEDIA_OLD_PATH"\*" -Destination $MEDIA_NEW_PATH -Force -Recurse
Get-ChildItem -Path $MEDIA_NEW_PATH -Recurse | Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly } | ForEach-Object { $_.IsReadOnly = $false }
```
-### Update WinRE
+### Update WinRE and each main OS Windows edition
-The script assumes that only a single edition is being updated, indicated by Index = 1 (Windows 10 Education Edition). Then the script mounts the image, saves Winre.wim to the working folder, and mounts it. It then applies servicing stack Dynamic Update, since its components are used for updating other components. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package.
+The script will update each edition of Windows within the main operating system file (install.wim). For each edition, the main OS image is mounted.
-It finishes by cleaning and exporting the image to reduce the image size.
+For the first image, Winre.wim is copied to the working folder, and mounted. It then applies servicing stack Dynamic Update, since its components are used for updating other components. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package. It finishes by cleaning and exporting the image to reduce the image size.
+
+Next, for the mounted OS image, the script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it uses `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod). Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .NET), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image. You can install Optional Components, along with the .NET feature, offline, but that requires the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
+
+This process is repeated for each edition of Windows within the main operating system file. To reduce size, the serviced Winre.wim file from the first image is saved, and used to update each subsequent Windows edition. This reduces the final size of install.wim.
```powershell
-# Mount the main operating system, used throughout the script
-Write-Output "$(Get-TS): Mounting main OS"
-Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
-
#
-# update Windows Recovery Environment (WinRE)
+# Update each main OS Windows image including the Windows Recovery Environment (WinRE)
#
-Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
-Write-Output "$(Get-TS): Mounting WinRE"
-Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
-# Add servicing stack update (Step 1 from the table)
+# Get the list of images contained within WinPE
+$WINOS_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim"
-# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
-# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined
-# cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and
-# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined
-# cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined
-# cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the
-# combined cumulative update can be installed.
+Foreach ($IMAGE in $WINOS_IMAGES) {
-# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+ # first mount the main OS image
+ Write-Output "$(Get-TS): Mounting main OS, image index $($IMAGE.ImageIndex)"
+ Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
-# Now, attempt the combined cumulative update.
-# There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should
-# be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct
-# packages installed.
+ if ($IMAGE.ImageIndex -eq "1") {
-try
-{
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null
-}
-Catch
-{
- $theError = $_
- Write-Output "$(Get-TS): $theError"
+ #
+ # update Windows Recovery Environment (WinRE) within this OS image
+ #
+ Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
+ Write-Output "$(Get-TS): Mounting WinRE"
+ Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
+
+ # Add servicing stack update (Step 1 from the table)
+
+ # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
+ # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined
+ # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and
+ # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined
+ # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined
+ # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the
+ # combined cumulative update can be installed.
+
+ # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Now, attempt the combined cumulative update.
+ # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should
+ # be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct
+ # packages installed.
+
+ try
+ {
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null
+ }
+ Catch
+ {
+ $theError = $_
+ Write-Output "$(Get-TS): $theError"
- if ($theError.Exception -like "*0x8007007e*") {
- Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
- }
- else {
- throw
- }
-}
-
-# The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
-# update. This second approach is commented out below.
-
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-#
-# Optional: Add the language to recovery environment
-#
-# Install lp.cab cab
-Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
-Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
-
-# Install language cabs for each optional package installed
-$WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
-Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
-
- if ( ($PACKAGE.PackageState -eq "Installed") `
- -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
- -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
-
- $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
- if ($INDEX -ge 0) {
- $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
- if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
- $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
- Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
+ if ($theError.Exception -like "*0x8007007e*") {
+ Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
+ }
+ else {
+ throw
}
}
+
+ # The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update
+ # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+ # update. This second approach is commented out below.
+
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ #
+ # Optional: Add the language to recovery environment
+ #
+ # Install lp.cab cab
+ Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
+
+ # Install language cabs for each optional package installed
+ $WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT
+ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
+
+ if ( ($PACKAGE.PackageState -eq "Installed") `
+ -and ($PACKAGE.PackageName.startsWith("WinPE-")) `
+ -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) {
+
+ $INDEX = $PACKAGE.PackageName.IndexOf("-Package")
+ if ($INDEX -ge 0) {
+ $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
+ if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
+ $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
+ Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
+ }
+ }
+ }
+ }
+
+ # Add font support for the new language
+ if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
+ Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
+ }
+
+ # Add TTS support for the new language
+ if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
+ if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
+
+ Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
+ }
+ }
+
+ # Add Safe OS
+ Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
+ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
+
+ # Perform image cleanup
+ Write-Output "$(Get-TS): Performing image cleanup on WinRE"
+ DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
+
+ # Dismount
+ Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null
+
+ # Export
+ Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre.wim"
+ Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null
+
}
+
+ Copy-Item -Path $WORKING_PATH"\winre2.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -ErrorAction stop | Out-Null
+
+ #
+ # update Main OS
+ #
+
+ # Add servicing stack update (Step 18 from the table)
+
+ # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
+ # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that
+ # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
+ # cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully
+ # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published,
+ # and installed first before the combined cumulative update can be installed.
+
+ # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e
+ Write-Output "$(Get-TS): Adding package $LCU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null
+
+ # The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
+ # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+ # update. This second approach is commented out below.
+
+ # Write-Output "$(Get-TS): Adding package $SSU_PATH"
+ # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
+
+ # Optional: Add language to main OS
+ Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
+
+ # Optional: Add a Features on Demand to the image
+ Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
+ Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ # Note: If I wanted to enable additional Features on Demand, I'd add these here.
+
+ # Add latest cumulative update
+ Write-Output "$(Get-TS): Adding package $LCU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
+
+ # Perform image cleanup
+ Write-Output "$(Get-TS): Performing image cleanup on main OS"
+ DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
+
+ #
+ # Note: If I wanted to enable additional Optional Components, I'd add these here.
+ # In addition, we'll add .NET 3.5 here as well. Both .NET and Optional Components might require
+ # the image to be booted, and thus if we tried to cleanup after installation, it would fail.
+ #
+
+ Write-Output "$(Get-TS): Adding NetFX3~~~~"
+ Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
+
+ # Add .NET Cumulative Update
+ Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
+ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
+
+ # Dismount
+ Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
+
+ # Export
+ Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
+ Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex $IMAGE.ImageIndex -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null
+
}
-# Add font support for the new language
-if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
- Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
-}
-
-# Add TTS support for the new language
-if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
- if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
-
- Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
-
- Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
- Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
- }
-}
-
-# Add Safe OS
-Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
-Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
-
-# Perform image cleanup
-Write-Output "$(Get-TS): Performing image cleanup on WinRE"
-DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
-
-# Dismount
-Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null
-
-# Export
-Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim"
-Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null
-Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
+Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
```
### Update WinPE
@@ -459,103 +563,6 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH"\sources\boot.wim" -Force -ErrorAction stop | Out-Null
```
-### Update the main operating system
-
-For this next phase, there's no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it uses `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
-
-Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .NET), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image.
-
-You can install Optional Components, along with the .NET feature, offline, but that requires the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
-
-```powershell
-#
-# update Main OS
-#
-
-# Add servicing stack update (Step 18 from the table)
-
-# Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
-# The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that
-# includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
-# cases, the servicing stack update is not published separately; the combined cumulative update should be used for this step. However, in hopefully
-# rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published,
-# and installed first before the combined cumulative update can be installed.
-
-# This is the code to handle the rare case that the SSU is published and required for the combined cumulative update
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-# Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e
-Write-Output "$(Get-TS): Adding package $LCU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null
-
-# The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
-# update. This second approach is commented out below.
-
-# Write-Output "$(Get-TS): Adding package $SSU_PATH"
-# Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null
-
-# Optional: Add language to main OS
-Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
-
-# Optional: Add a Features on Demand to the image
-Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
-Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
-Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-# Note: If I wanted to enable additional Features on Demand, I'd add these here.
-
-# Add latest cumulative update
-Write-Output "$(Get-TS): Adding package $LCU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
-
-# Copy our updated recovery image from earlier into the main OS
-# Note: If I were updating more than 1 edition, I'd want to copy the same recovery image file
-# into each edition to enable single instancing
-Copy-Item -Path $WORKING_PATH"\winre.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -ErrorAction stop | Out-Null
-
-# Perform image cleanup
-Write-Output "$(Get-TS): Performing image cleanup on main OS"
-DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
-
-#
-# Note: If I wanted to enable additional Optional Components, I'd add these here.
-# In addition, we'll add .NET 3.5 here as well. Both .NET and Optional Components might require
-# the image to be booted, and thus if we tried to cleanup after installation, it would fail.
-#
-
-Write-Output "$(Get-TS): Adding NetFX3~~~~"
-Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
-
-# Add .NET Cumulative Update
-Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
-Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
-
-# Dismount
-Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
-
-# Export
-Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
-Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null
-Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
-```
-
### Update remaining media files
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index fd0efc4571..7aa9bf3ff1 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -15,21 +15,22 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ Windows Server
-ms.date: 12/31/2017
+ms.date: 12/08/2023
---
# Servicing stack updates
## What is a servicing stack update?
-Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically doesn't have updates released every month.
+
+Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the component-based servicing stack (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. [CBS](https://techcommunity.microsoft.com/t5/ask-the-performance-team/understanding-component-based-servicing/ba-p/373012) is a small component that typically doesn't have updates released every month.
## Why should servicing stack updates be installed and kept up to date?
-Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
+Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't have the latest servicing stack update installed, there's a risk that your device can't be updated with the latest Microsoft security fixes.
## When are they released?
-Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
+Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions, a servicing stack update might need to be released out of band to address an issue impacting systems installing the monthly security update. New servicing stack updates are classified as `Security` with a severity rating of `Critical`.
## What's the difference between a servicing stack update and a cumulative update?
@@ -38,14 +39,14 @@ Both Windows client and Windows Server use the cumulative update mechanism, in w
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest monthly security update release and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
-Microsoft publishes all cumulative updates and SSUs for Windows 10, version 2004 and later together as one cumulative monthly update to the normal release category in WSUS.
+Microsoft publishes all cumulative updates and servicing stack updates for Windows 10, version 2004 and later together as one cumulative monthly update to the normal release category in Windows Server Update Services (WSUS).
## Is there any special guidance?
-Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
-
Typically, the improvements are reliability and performance improvements that don't require any specific special guidance. If there's any significant impact, it will be present in the release notes.
+Most users don't need to install an isolated servicing stack update. In the rare case that you need to install an isolated servicing stack update, Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
+
## Installation notes
* Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
@@ -56,6 +57,6 @@ Typically, the improvements are reliability and performance improvements that do
## Simplifying on-premises deployment of servicing stack updates
-With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update includes the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you'll only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update is available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382.
+With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update includes the latest servicing stack updates, to provide a single cumulative update payload to both WSUS and the Microsoft Update Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you'll only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update is available on Windows 10, version 2004 and later starting with [KB4601382](https://support.microsoft.com/kb/4601382), released in February of 2021.
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 840ea3d5a7..7856c98348 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -9,9 +9,8 @@ ms.author: mstewart
manager: aaroncz
ms.localizationpriority: medium
appliesto:
-- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 11/16/2023
---
# Configure BranchCache for Windows client updates
@@ -33,7 +32,10 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](/previous-versions/windows/it-pro/windows-7/dd637820(v=ws.10)) in the [BranchCache Early Adopter's Guide](/previous-versions/windows/it-pro/windows-7/dd637762(v=ws.10)).
-In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, set the Delivery Optimization **Download mode** to '100' (Bypass) to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+
+> [!Note]
+> [Bypass Download mode (100)](../do/waas-delivery-optimization-reference.md#download-mode) is only available in Windows 10 (starting in version 1607) and deprecated in Windows 11. BranchCache isn't supported for content downloaded using Delivery Optimization in Windows 11.
## Configure servers for BranchCache
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 6af6c31910..2a1baa5255 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -16,7 +16,7 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 08/22/2023
+ms.date: 11/30/2023
---
# Configure Windows Update for Business
@@ -210,7 +210,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
| MDM for Windows 10, version 1607 and later: ../Vendor/MSFT/Policy/Config/Update/**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
## Enable optional updates
-
+
In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy.
To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**.
@@ -243,8 +243,8 @@ The following options are available for the policy:
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
-| GPO for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
-| MDM for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: ./Device/Vendor/MSFT/Policy/Config/Update/**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| **GPO applies to**:
**GPO location**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| **MDM applies to**:
**MDM location**: ./Device/Vendor/MSFT/Policy/Config/Update/**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
## Enable features that are behind temporary enterprise feature control
@@ -269,7 +269,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
-| AllowOptionalContent *Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
+| AllowOptionalContent *Added in*:
| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
| AllowTemporaryEnterpriseFeatureControl *Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled. Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast 4: Systems take feature updates for the Windows Insider build - Slow 8: Systems take feature updates for the Release Windows Insider build Other value or absent: Receive all applicable updates |
| DeferFeatureUpdates | REG_DWORD | 1: Defer feature updatesOther value or absent: Don't defer feature updates |
@@ -285,7 +285,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
-| AllowOptionalContent *Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
+| AllowOptionalContent *Added in*:
| REG_DWORD | 1: Automatically receive optional updates (including CFRs) 2: Automatically receive optional updates 3: Users can select which optional updates to receive Other value or absent: Don't receive optional updates|
| AllowTemporaryEnterpriseFeatureControl *Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled. Other value or absent: Features that are shipped turned off by default will remain off |
| BranchReadinessLevel | REG_DWORD |2: Systems take feature updates for the Windows Insider build - Fast 4: Systems take feature updates for the Windows Insider build - Slow 8: Systems take feature updates for the Release Windows Insider build 32: Systems take feature updates from General Availability Channel Note: Other value or absent: Receive all applicable updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 58343cf36e..070ded3d1e 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -13,66 +13,70 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 11/07/2023
---
# What is Windows Update for Business?
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
Windows Update for Business is a free service that is available for the following editions of Windows 10 and Windows 11:
+
- Pro, including Pro for Workstations
- Education
- Enterprise, including Enterprise LTSC, IoT Enterprise, and IoT Enterprise LTSC
-Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
+Windows Update for Business enables IT administrators to keep their organization's Windows client devices always up to date with the latest security updates and Windows features by directly connecting these systems to the Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions, such as Microsoft Intune, to configure the Windows Update for Business settings that control how and when devices are updated.
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
## What can I do with Windows Update for Business?
-Windows Update for Business enables commercial customers to manage which Windows Updates are received when as well as the experience a device has when it receives them.
+Windows Update for Business enables commercial customers to manage which Windows Updates are received along with the experience a device has when it receives them.
-You can control Windows Update for Business policies by using either Mobile Device Management (MDM) tools such as Microsoft Intune or Group Policy management tools such as local group policy or the Group Policy Management Console (GPMC), as well as various other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud policy).
+You can control Windows Update for Business policies by using either MDM tools or Group Policy management, such as local group policy or the Group Policy Management Console (GPMC), and various other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud Policy).
+### Manage deployment of Windows Updates
-### Manage deployment of Windows Updates
-By using Windows Update for Business, you can control which types of Windows Updates are offered to devices in your ecosystem, when updates are applied, and deployment to devices in your organization in waves.
+By using Windows Update for Business, you can:
+- Control the types of Windows Updates are offered to devices in your organization
+- Control when updates are applied to the devices
+- Deploy updates to devices in your organization in waves
-### Manage which updates are offered
-Windows Update for Business enables an IT administrator to receive and manage a variety of different types of Windows Updates.
+### Manage which updates are offered
+
+Windows Update for Business enables an IT administrator to receive and manage various types of Windows Updates.
## Types of updates managed by Windows Update for Business
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
-- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices.
-- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates.
-- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
+- **Feature updates:** Previously referred to as upgrades, feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices.
+- **Quality updates:** Quality updates are traditional operating system updates. Typically quality updates are released on the second Tuesday of each month, though they can be released at any time. These include security, critical, and driver updates.
+- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
-
## Offering
-You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
+
+You can control when updates are applied. For example, you can defer when an update is installed on a device or by pausing updates for a certain period.
### Manage when updates are offered
+
You can defer or pause the installation of updates for a set period of time.
#### Enroll in prerelease updates
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both prerelease and released updates:
-- Windows Insider Canary
-- Windows Insider Dev
-- Windows Insider Beta
-- Windows Insider Preview
-- General Availability Channel
+- Windows Insider Canary channel
+- Windows Insider Dev channel
+- Windows Insider Beta channel
+- Windows Insider Release Preview channel
#### Defer an update
-A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they're pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it's offered to a device. That is, if you set a feature update deferral period of 365 days, the device won't install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
-
+An administrator can defer the installation of both feature and quality updates from deploying to devices within a range of time based on when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they're pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it's offered to a device. That is, if you set a feature update deferral period of 365 days, the device won't install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
|Category |Maximum deferral period |
|---------|---------|
@@ -85,13 +89,12 @@ A Windows Update for Business administrator can defer the installation of both f
#### Pause an update
-If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
-If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
+If you discover a problem while deploying a feature or quality update, you can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated. If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
To pause feature updates, use the **Select when Preview Builds and feature updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
Built-in benefits:
-When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
+When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device and a check to prevent repeated rollbacks.
### Recommendations
@@ -104,28 +107,38 @@ For the best experience with Windows Update, follow these guidelines:
### Manage the end-user experience when receiving Windows Updates
-Windows Update for Business provides controls to help meet your organization's security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience.
+Windows Update for Business provides controls to help meet your organization's security standards and provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience.
#### Recommended experience settings
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
1. Automatically download, install, and restart (default if no restart policies are set up or enabled).
-2. Use the default notifications.
-3. Set update deadlines.
+1. Use the default notifications.
+1. Set update deadlines.
-##### Setting deadlines
+##### Setting deadlines
-A compliance deadline policy (released in June 2019) enables you to set separate deadlines and grace periods for feature and quality updates.
+A compliance deadline policy enables you to set separate deadlines and grace periods for feature and quality updates.
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
#### Update Baseline
+> [!NOTE]
+> The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you're using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
+
The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
->[!NOTE]
->The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
+## Other Windows Update for Business services
+The following services are part of the Windows Update for Business product family:
+
+- [Windows Update for Business reports](wufb-reports-overview.md) is a cloud-based solution that provides information about your Microsoft Entra joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the Azure portal. Windows Update for Business reports helps you:
+ - Monitor security, quality, driver, and feature updates for Windows 11 and Windows 10 devices
+ - Report on devices with update compliance issues
+ - Analyze and display your data in multiple ways
+
+- The [Windows Update for Business deployment service](deployment-service-overview.md) is a cloud service designed to work with your existing Windows Update for Business policies and Windows Update for Business reports. The deployment service provides additional control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices.
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index e65bab8900..cc945db4c2 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 10/10/2023
+ms.date: 11/30/2023
---
# Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
@@ -47,19 +47,19 @@ Drivers are automatically enabled because they're beneficial to device systems.
### Set when devices receive feature and quality updates
-#### I want to receive pre-release versions of the next feature update
+#### I want to receive prerelease versions of the next feature update
-1. Ensure that you're enrolled in the Windows Insider Program for Business. This is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
+1. Ensure that you're enrolled in the Windows Insider Program for Business. Windows Insider is a free program available to commercial customers to aid them in their validation of feature updates before they're released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
-1. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
+1. For any of test devices you want to install prerelease builds, use [Update/ManagePreviewBuilds](/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set the option to **Enable preview builds**.
-1. Use [Update/BranchReadinessLevel](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
+1. Use [Update/BranchReadinessLevel](/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using prerelease builds for validation.
-1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you're testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
+1. Additionally, you can defer prerelease feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you're testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This schedule helps ensure that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
#### I want to manage which released feature update my devices receive
-A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you won't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
+A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you don't receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
- To defer a feature update: [Update/DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays)
- To pause a feature update: [Update/PauseFeatureUpdatesStartTime](/windows/client-management/mdm/policy-csp-update#update-pausefeatureupdatesstarttime)
@@ -72,7 +72,7 @@ In this example, there are three rings for quality updates. The first ring ("pil
-When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates.
+When the quality update is released, it's offered to devices in the pilot ring the next time they scan for updates.
##### Five days later
The devices in the fast ring are offered the quality update the next time they scan for updates.
@@ -80,11 +80,11 @@ The devices in the fast ring are offered the quality update the next time they s
##### Ten days later
-Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates.
+Ten days after the quality update is released, it's offered to the devices in the slow ring the next time they scan for updates.
-If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves.
+If no problems occur, all of the devices that scan for updates are offered the quality update within ten days of its release, in three waves.
##### What if a problem occurs with the update?
@@ -109,13 +109,13 @@ If you need a device to stay on a version beyond the point when deferrals on the
#### I want to manage when devices download, install, and restart after updates
-We recommended that you allow to update automatically--this is the default behavior. If you don't set an automatic update policy, the device will attempt to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.
+We recommended that you allow to update automatically, which is the default behavior. If you don't set an automatic update policy, the device attempts to download, install, and restart at the best times for the user by using built-in intelligence such as intelligent active hours and smart busy check.
For more granular control, you can set the maximum period of active hours the user can set with [Update/ActiveHoursMaxRange](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange). You could also set specific start and end times for active ours with [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) and [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart).
-It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates are not disabled and provides a better experience when users can set their own active hours.
+It's best to refrain from setting the active hours policy because it's enabled by default when automatic updates aren't disabled and provides a better experience when users can set their own active hours.
-To update outside of the active hours, use [Update/AllowAutoUpdate](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) with Option 2 (which is the default setting). For even more granular control, consider using automatic updates to schedule the install time, day, or week. To do this, use Option 3, and then set the following policies as appropriate for your plan:
+To update outside of the active hours, use [Update/AllowAutoUpdate](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) with Option 2 (which is the default setting). For even more granular control, consider using automatic updates to schedule the install time, day, or week. To use a schedule, use Option 3, and then set the following policies as appropriate for your plan:
- [Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
- [Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)
@@ -132,7 +132,7 @@ If you don't want to allow any automatic updates prior to the deadline, set [Upd
#### I want to keep devices secure and compliant with update deadlines
-We recommend that you use set specific deadlines for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart. Use these settings:
+We recommend that you use set specific deadlines for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. Deadlines work by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart. Use these settings:
- [Update/ConfigureDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates ](/windows/client-management/mdm/policy-csp-update#update-configuredeadlineforqualityupdates)
@@ -140,7 +140,7 @@ We recommend that you use set specific deadlines for feature and quality updates
- [Update/ConfigureDeadlineGracePeriodForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#configuredeadlinegraceperiodforfeatureupdates)
- [Update/ConfigureDeadlineNoAutoReboot](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot)
-These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
+These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point, the device automatically schedules a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:
@@ -172,7 +172,7 @@ When **Specify deadlines for automatic updates and restarts** is set (For Window
There are additional settings that affect the notifications.
-We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
+We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
**0** (default) - Use the default Windows Update notifications
**1** - Turn off all notifications, excluding restart warnings
@@ -181,14 +181,14 @@ We recommend that you use the default notifications as they aim to provide the b
> [!NOTE]
> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
-Still more options are available in [Update/ScheduleRestartWarning](/windows/client-management/mdm/policy-csp-update#update-schedulerestartwarning). This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update. You can also specify the period for auto-restart imminent warning notifications with [Update/ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-csp-update#update-scheduleimminentrestartwarning) (15-60 minutes is the default). We recommend using the default notifications.
+Still more options are available in [Update/ScheduleRestartWarning](/windows/client-management/mdm/policy-csp-update#update-schedulerestartwarning). This setting allows you to specify the period for auto restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update. You can also specify the period for auto restart imminent warning notifications with [Update/ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-csp-update#update-scheduleimminentrestartwarning) (15-60 minutes is the default). We recommend using the default notifications.
#### I want to manage the update settings a user can access
-Every Windows device provides users with a variety of controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
+Every Windows device provides users with various controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using [Update/SetDisablePauseUXAccess](/windows/client-management/mdm/policy-csp-update#update-setdisablepauseuxaccess).
-When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
+When you disable this setting, users see **Some settings are managed by your organization** and the update pause settings are greyed out.
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use [Update/SetDisableUXWUAccess](/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess).
@@ -205,3 +205,11 @@ The features that are turned off by default from servicing updates will be enabl
- **0** (default): Allowed. All features in the latest monthly cumulative update are enabled.
- When the policy is set to **0**, all features that are currently turned off will turn on when the device next reboots
- **1** - Not allowed. Features that are shipped turned off by default will remain off
+
+#### I want to enable optional updates
+
+*Applies to:*
+- Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later
+- Windows 10, version 22H2 with [KB5032278](https://support.microsoft.com/help/5032278), or a later cumulative update installed
+
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using [AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent). For more information about optional content, see [Enable optional updates](waas-configure-wufb.md#enable-optional-updates).
\ No newline at end of file
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 372a36d6df..22c937a71a 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -17,7 +17,7 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.date: 10/10/2023
+ms.date: 11/30/2023
---
# Walkthrough: Use Group Policy to configure Windows Update for Business
@@ -202,7 +202,9 @@ If you use Windows Server Update Server (WSUS), you can prevent users from scann
#### I want to enable optional updates
-(*Starting in Windows 11, version 22H2 or later*)
+*Applies to:*
+- Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later
+- Windows 10, version 22H2 with [KB5032278](https://support.microsoft.com/help/5032278), or a later cumulative update installed
In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > Enable optional updates** policy.
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 2279f4318c..b75a881dc0 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -13,7 +13,7 @@ ms.collection:
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 12/31/2017
+ms.date: 12/08/2023
---
# Windows Update log files
@@ -24,18 +24,20 @@ The following table describes the log files created by Windows Update.
|Log file|Location|Description|When to use |
|-|-|-|-|
-|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
-|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered. |
+|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information included in the Windowsupdate.log log file to troubleshoot the issue.|
+|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator Service is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|
|
|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. |When you want to check whether the notification was triggered or not. |
|CBS.log|%systemroot%\Logs\CBS|This log provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to Windows Update installation.|
-## Generating WindowsUpdate.log
+## Generating WindowsUpdate.log
+
To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](/powershell/module/windowsupdate/get-windowsupdatelog?preserve-view=tru&view=win10-ps).
>[!NOTE]
>When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpdate.log unless you run **Get-WindowsUpdateLog** again.
-### Windows Update log components
+## Windows Update log components
+
The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
- AGENT- Windows Update agent
@@ -54,7 +56,7 @@ The Windows Update engine has different component names. The following are some
- PT- Synchronizes updates information to the local datastore
- REPORT- Collects reporting information
- SERVICE- Startup/shutdown of the Automatic Updates service
-- SETUP- Installs new versions of the Windows Update client when it is available
+- SETUP- Installs new versions of the Windows Update client when it's available
- SHUTDWN- Install at shutdown feature
- WUREDIR- The Windows Update redirector files
- WUWEB- The Windows Update ActiveX control
@@ -68,7 +70,7 @@ The Windows Update engine has different component names. The following are some
>[!NOTE]
>Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what's important.
-### Windows Update log structure
+## Windows Update log structure
The Windows update log structure is separated into four main identities:
- Time Stamps
@@ -82,7 +84,7 @@ The Windows update log structure is separated into four main identities:
The WindowsUpdate.log structure is discussed in the following sections.
-#### Time stamps
+### Time stamps
The time stamp indicates the time at which the logging occurs.
- Messages are usually in chronological order, but there may be exceptions.
- A pause during a sync can indicate a network problem, even if the scan succeeds.
@@ -90,15 +92,15 @@ The time stamp indicates the time at which the logging occurs.
-#### Process ID and thread ID
+### Process ID and thread ID
The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.
-- The first four hex digits are the process ID.
-- The next four hex digits are the thread ID.
+- The first four digits, in hex, are the process ID.
+- The next four digits, in hex, are the thread ID.
- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.
-#### Component name
+### Component name
Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:
- ProtocolTalker - Client-server sync
@@ -111,31 +113,36 @@ Search for and identify the components that are associated with the IDs. Differe
-#### Update identifiers
+### Update identifiers
+
+The following items are update identifiers:
+
+#### Update ID and revision number
-##### Update ID and revision number
There are different identifiers for the same update in different contexts. It's important to know the identifier schemes.
-- Update ID: A GUID (indicated in the previous screenshot) that's assigned to a given update at publication time
+- Update ID: A GUID (indicated in the previous screenshot) assigned to a given update at publication time
- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
- Revision numbers are reused from one update to another (not a unique identifier).
- The update ID and revision number are often shown together as "{GUID}.revision."
-##### Revision ID
-- A Revision ID (don't confuse this value with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
-- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
+#### Revision ID
+
+- A Revision ID (don't confuse this value with "revision number") is a serial number issued when an update is initially published or revised on a given service.
+- An existing update that is revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that isn't related to the previous ID.
- Revision IDs are unique on a given update source, but not across multiple sources.
- The same update revision might have different revision IDs on Windows Update and WSUS.
- The same revision ID might represent different updates on Windows Update and WSUS.
-##### Local ID
-- Local ID is a serial number issued when an update is received from a service by a given Windows Update client
+#### Local ID
+
+- Local ID is a serial number issued by a given Windows Update client when an update is received from a service.
- Typically seen in debug logs, especially involving the local cache for update info (Datastore)
-- Different client PCs will assign different Local IDs to the same update
+- Different client PCs assign different Local IDs to the same update
- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
-##### Inconsistent terminology
+#### Inconsistent terminology
- Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.
- Recognize IDs by form and context:
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 3f3c8c7937..7c76c5ad32 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports
description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
ms.prod: windows-client
ms.technology: itpro-updates
-ms.topic: conceptual
+ms.topic: how-to
author: mestew
ms.author: mstewart
manager: aaroncz
@@ -12,61 +12,60 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/15/2022
+ms.date: 12/15/2023
---
-# Manually configuring devices for Windows Update for Business reports
+# Manually configure devices for Windows Update for Business reports
-There are a number of requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with newer versions of Windows client. The [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
+There are many requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with later versions of Windows client. When any configuration requirements change, we'll update the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md). If that happens, you only need to redeploy the script.
The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Windows Update for Business reports are correctly configured.
2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints.
-3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It's recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
-
+3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. For proper functionality, leave Windows services set to their out-of-box default configurations.
## Required policies
-Windows Update for Business reports has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Windows Update for Business reports. Thee policies are listed below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
+The Windows Update for Business reports service has several policies that you need to configure appropriately. These policies allow Microsoft to process your devices and show them in Windows Update for Business reports. The policies are listed in the following subsections, separated by [mobile device management](/windows/client-management/mdm/) (MDM) or group policy.
-- **Policy** corresponds to the location and name of the policy.
-- **Value** Indicates what value the policy must be set to. Windows Update for Business reports requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional).
-- **Function** details why the policy is required and what function it serves for Windows Update for Business reports. It will also detail a minimum version the policy is required, if any.
+The following definitions apply for both tables:
-### Mobile Device Management policies
+- **Policy**: The location and name of the policy.
+- **Value**: Set the policy to this value. Windows Update for Business reports requires at least *Required* (previously *Basic*) diagnostic data, but can function with *Enhanced* or *Optional* (previously *Full*).
+- **Function**: Details for why the policy is required and what function it serves for Windows Update for Business reports. It also details a minimum version the policy requires, if any.
-Each MDM Policy links to its documentation in the configuration service provider (CSP) hierarchy, providing its exact location in the hierarchy and more details.
+### MDM policies
-| Policy | Data type | Value | Function | Required or recommended|
+Each MDM policy links to more detailed documentation in the configuration service provider (CSP) hierarchy.
+
+| Policy | Data type | Value | Function | Required or recommended |
|---|---|---|---|---|
-|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | Required |
-|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | Recommended |
-|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended |
-| **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | 1 - Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
+| **System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#allowtelemetry) | Integer | `1`: Basic (Required) | Configures the device to send the minimum required diagnostic data. | Required |
+| **System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinsettingsux) | Integer | `1`: Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *AllowTelemetry* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
+| **System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#allowdevicenameindiagnosticdata) | Integer | `1`: Allowed | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to `0`: Disabled, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
+| **System/**[**ConfigureTelemetryOptInChangeNotification**](/windows/client-management/mdm/policy-csp-system#configuretelemetryoptinchangenotification) | Integer | `1`: Disabled | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
### Group policies
-All Group policies that need to be configured for Windows Update for Business reports are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.
+All group policies that you need to configure for Windows Update for Business reports are under the following path: **Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value*.
| Policy | Value | Function | Required or recommended|
|---|---|---|---|
-|**Allow Diagnostic Data** | Send required diagnostic data (minimum) | Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure diagnostic data opt-in setting user interface**. | Required |
-|**Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt in settings | Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | Recommended |
-|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | Recommended |
-|**Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
+| **Allow Diagnostic Data** | Send required diagnostic data | Configures the device to send the minimum required diagnostic data. | Required |
+| **Configure diagnostic data opt-in setting user interface** | Disable diagnostic data opt-in settings | Determines whether users of the device can adjust diagnostic data to levels lower than you define by the *Allow Diagnostic Data* policy. Set the recommended value to disable opt-in settings, or users can change the effective diagnostic data level that might not be sufficient. | Recommended |
+| **Allow device name to be sent in Windows diagnostic data** | Enabled | Allows the device to send its name with Windows diagnostic data. If you don't configure this policy or set it to *Disabled*, then the data doesn't include the device name. If the data doesn't include the device name, you can't see the device in Windows Update for Business reports. In this instance, the reports show `#` instead. | Recommended |
+| **Configure diagnostic data opt-in change notifications** | Disable diagnostic data change notifications | Disables user notifications that appear for changes to the diagnostic data level. | Recommended |
## Required endpoints
-To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
-
[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)]
## Required services
-Many Windows and Microsoft services are required to ensure that not only the device can function, but Windows Update for Business reports can see device data. It's recommended that you allow all default services from the out-of-box experience to remain running. The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.
+Many Windows services are required for Windows Update for Business reports to see device data. Allow all default services from the out-of-box experience to remain running. Use the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) to check whether required services are running or are allowed to run automatically.
## Next steps
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index 3b3527ba45..c81cd3c96b 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 08/30/2023
+ms.date: 12/15/2023
---
# Windows Update for Business reports prerequisites
@@ -22,12 +22,12 @@ Before you begin the process of adding Windows Update for Business reports to yo
## Azure and Microsoft Entra ID
-- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/)
+- An Azure subscription with [Microsoft Entra ID](/azure/active-directory/).
- Devices must be Microsoft Entra joined and meet the below OS, diagnostic, and endpoint access requirements.
- Devices can be [Microsoft Entra joined](/azure/active-directory/devices/concept-azure-ad-join) or [Microsoft Entra hybrid joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
-- Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (Workplace joined) aren't supported with Windows Update for Business reports.
-- The Log Analytics workspace must be in a [supported region](#log-analytics-regions)
-- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md)
+- Devices that are [Microsoft Entra registered](/azure/active-directory/devices/concept-azure-ad-register) only (workplace joined) aren't supported with Windows Update for Business reports.
+- The Log Analytics workspace must be in a [supported region](#log-analytics-regions).
+- Data in the **Driver update** tab of the [workbook](wufb-reports-workbook.md) is only available for devices that receive driver and firmware updates from the [Windows Update for Business deployment service](deployment-service-overview.md).
## Permissions
@@ -38,7 +38,7 @@ Before you begin the process of adding Windows Update for Business reports to yo
- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
-Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+Windows Update for Business reports only provides data for the standard desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
## Windows client servicing channels
@@ -49,27 +49,25 @@ Windows Update for Business reports supports Windows client devices on the follo
### Windows operating system updates
-- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
+For [changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended.
## Diagnostic data requirements
-At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
+At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what data each diagnostic level includes, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
The following levels are recommended, but not required:
-- The *Enhanced* level for Windows 10 devices
-- The *Optional* level for Windows 11 devices (previously *Full*)
-Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using a policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
+- The *Enhanced* level for Windows 10 devices.
+- The *Optional* level for Windows 11 devices (previously *Full*).
-
- - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
+Device names don't appear in Windows Update for Business reports unless you individually opt in devices by using a policy. The configuration script does this action for you, but when using other client configuration methods, set one of the following policies to display device names:
+- CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
+- Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
> [!TIP]
> Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings.
-
Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
## Endpoints
diff --git a/windows/deployment/update/wufb-reports-schema-enumerated-types.md b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
new file mode 100644
index 0000000000..af84c4b582
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
@@ -0,0 +1,280 @@
+---
+title: Enumerated types
+titleSuffix: Windows Update for Business reports
+description: Enumerated types for Windows Update for Business reports.
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+ms.date: 12/06/2023
+---
+
+# Enumerated types for Windows Update for Business reports
+
+The following enumerated types are used in Windows Update for Business reports:
+
+## OSEdition
+
+SKU of Windows the device is running.
+
+|Value | Description |
+|---|---|
+| **Enterprise** | Windows Enterprise |
+| **Professional** | Windows Professional |
+| **ProfessionalWorkstation** | Windows Professional workstation |
+| **ProfessionalN** | Similar to Windows Professional edition but doesn't include Windows media player. |
+| **Education** | Windows Education |
+
+## OSArchitecture
+
+Architecture of the OS running on the client.
+
+|Value | Description |
+|---|---|
+| **amd64** | OS is 64-bit |
+| **x86** | OS is 32-bit |
+| **Unknown** | The OS architecture is unknown |
+
+## OSFeatureUpdateStatus
+
+Feature updates status
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default, sent if client data unavailable. |
+| **InService** | Client is on a version of Windows 10 that is serviced. |
+| **EndOfService** | Client is on a version of Windows 10 that is no longer serviced. |
+
+## OSQualityUpdateStatus
+
+Quality updates status
+
+|Value | Description |
+|---|---|
+| **Latest** | Client is on the latest quality update |
+| **NotLatest** | Client isn't on the latest quality update |
+
+## OSSecurityUpdateStatus
+
+Security updates status
+
+|Value | Description |
+|---|---|
+| **Latest** | Client is on the latest security update |
+| **NotLatest** | Client isn't on the latest security update |
+| **MultipleSecurityUpdatesMissing** | Client is missing multiple security updates |
+
+## OSFeatureUpdateComplianceStatus, OSSecurityUpdateComplianceStatus, OSQualityUpdateComplianceStatus
+
+Compliance status
+
+|Value | Description |
+|---|---|
+| **Compliant** | The latest deployment from the Windows Update for Business deployment service is installed on the client |
+| **NotCompliant** | The latest deployment from the Windows Update for Business deployment service isn't installed on the client|
+| **NotApplicable** | Client isn't part of any Windows Update for Business deployment service deployments |
+
+## OSServicingChannel
+
+Servicing channel of client
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default, release branch can't be defined. |
+| **SAC** | Semi-annual release channel |
+| **LTSC** | Long-term servicing channel |
+| **WIP-S** | Windows Insider Preview - Slow ring |
+| **WIP-F**| Windows Insider Preview - Fast ring |
+| **Internal** | An identifiable, but internal release ring |
+
+## ServiceState
+
+High-level service state OSServicingChannel
+
+|Value | Description |
+|---|---|
+| **Pending** | Windows Update for Business deployment service isn't targeting this update to this device because the update isn't ready. |
+| **Offering** | Service is offering the update to the device. The update is available for the device to get if it scans Windows Update. |
+| **OnHold** | Service is holding off on offering update to the device indefinitely. Until either the service or admin changes some condition, devices remain in this state. |
+| **Canceled** | Service canceled offering update to the device, and the device is confirmed to not be installing the update. |
+
+## ServiceSubstate
+
+Lower-level service state
+
+| Value | ServiceState |
+|---|---|
+| **Validation** | Update can't be offered to the device because a validation issue with the device and deployment service. |
+| **Scheduled** | Update isn't ready to be offered to the device, but is scheduled for offering at a later date. |
+| **OfferReady** | Update is currently being offered to the device from Windows Update. |
+| **RemovedFromDeployment** | Update offering was canceled because it was removed from the deployment because of an explicit administrator action. |
+| **AdminCancelled** | Update offering was canceled because of an explicit administrator action. |
+| **ServiceCancelled** | Update offering was canceled because of an automatic action by the deployment service. |
+| **AdminPaused** | Update is on hold because the deployment was paused with an explicit administrator action. |
+| **ServicePaused** | Update is on hold because of an automatic action by the deployment service. |
+| **SafeguardHold** | Update isn't offered because an existing safeguard hold on the device. |
+
+## ClientState
+
+High-level client state
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default value, if ClientSubstate is unknown (in other words, no client data) |
+| **Offering** | Update is being offered to device |
+| **Installing** | Update is in progress on device |
+| **Uninstalling** | Update is being uninstalled from device |
+| **Installed** | Update has been installed to device |
+| **Uninstalled** | Update has been uninstalled from device |
+| **Canceled** | Update has been canceled from device |
+| **OnHold** | Update has been on Hold |
+
+## ClientSubstate
+
+Lower-level client state
+
+|Value | Description |
+|---|---|
+| **Unknown** | Default value, if ClientSubstate is unknown (in other words, no client data) |
+| **Offering** | Update is being offered to device |
+| **Installing** | Update is in progress on device |
+| **Uninstalling** | Update is being uninstalled from device |
+| **Installed** | Update has been installed to device |
+| **Uninstalled** | Update has been uninstalled from device |
+| **Canceled** | Update has been canceled from device |
+| **OnHold** | Update has been on Hold |
+
+## UpdateCategory
+
+Type of update.
+
+|Value | Description |
+|---|---|
+| **WindowsQualityUpdate** | Windows feature update |
+| **WindowsFeatureUpdate** | Windows quality update |
+| **DriverUpdate** | Driver update |
+
+## UpdateClassification
+
+Whether this update is an upgrade, security, nonsecurity, or driver
+
+|Value | Description |
+|---|---|
+| **Security** | Update is a quality update containing security fixes |
+| **NonSecurity** | Update is a quality update not containing security fixes |
+| **Upgrade** | Update is a feature update |
+
+## UpdateSource
+
+Source of the update
+
+|Value | Description |
+|---|---|
+| **Inferred** | |
+| **MuV6** | Update through old Windows Update, or via WSUS (uses old protocol) |
+| **UUP** | Update through modern Windows Update |
+
+## ReadinessStatus
+
+Whether the device is capable of taking target OS and version.
+
+|Value | Description |
+|---|---|
+| **Capable** | The device meets all requirements to upgrade to Windows 11. |
+| **Not Capable** | The device doesn't meet the requirements to upgrade to Windows 11. Check Readiness Reason for the reason. |
+| **Unknown** | Microsoft doesn't have enough data points to determine the eligibility status. |
+
+## ReadinessReason
+
+Reason why the device isn't capable of updating to target OS and version.
+
+|Value | Description |
+|---|---|
+| **tpm** | [Trusted Platform Module](/windows/security/hardware-security/tpm/trusted-platform-module-overview) (TPM) version 2.0 is required. If your device doesn't meet the minimum requirements because of TPM, see [Enable TPM 2.0 on your PC](https://support.microsoft.com/windows/enable-tpm-2-0-on-your-pc-1fd5a332-360d-4f46-a1e7-ae6b0c90645c) to see if there are any remediation steps you can take. |
+| **cpufms** | CPU not supported. For more information, see [Windows Processor Requirements](/windows-hardware/design/minimum/windows-processor-requirements) |
+| **sysdrivesize** | 64 GB or larger storage device required. If your PC doesn't have a large enough storage drive, sometimes there are options for upgrading the drive. Consult your PC manufacturer's website or with a retailer to see if there are options to meet the minimum requirements for Windows 11. |
+| **UefiSecureBoot** | UEFI (Unified Extensible Firmware Interface) and Secure Boot capability. If your device doesn't meet the minimum requirements because it's not Secure Boot capable. For more information, see [Windows 11 and Secure Boot](https://support.microsoft.com/topic/a8ff1202-c0d9-42f5-940f-843abef64fad) to see if you're able to enable Secure Boot. Secure Boot can only be enabled with UEFI. |
+
+
+## AlertType
+
+Type of alert.
+
+|Value | Description |
+|---|---|
+| **ServiceUpdateAlert** | Alert is relevant to Windows Update for Business deployment service's offering of the content to the client. |
+| **ClientUpdateAlert** | Alert is relevant to client's ability to progress through the installation of the update content. |
+| **ServiceDeviceAlert** | Alert is relevant to device's status within Windows Update for Business deployment service |
+| **ClientDeviceAlert** | Alert is relevant to device's state |
+| **DeploymentAlert** | Alert is relevant to an entire deployment, or a significant number of devices in the deployment. |
+
+## AlertSubtype
+
+Subtype of alert.
+
+| Value | Description |
+|---|---|
+| **CancelledByUser** | The user canceled the update. |
+| **CertificateIssue** | An expired certificate was encountered. |
+| **DamagedMedia** | The update file appears to be damaged. |
+| **DeviceRegistrationInvalidAzureADJoin** | Device isn't able to register or authenticate properly with the deployment service due to not being device-level Entra ID joined. Devices that are workplace-joined aren't compatible with the deployment service. |
+| **DiskFull** | An operation couldn't be completed because the disk is full. |
+| **DiskIssue** | Windows Update has found disk corruption. |
+| **DownloadCancelled** | The download was canceled. |
+| **DownloadCredentialsIssue** | A proxy server or firewall on your network might require credentials. |
+| **DownloadIssue** | There was a download issue. |
+| **DownloadIssueServiceDisabled** | The service the download depends on is disabled. |
+| **DownloadTimeout** | A timeout occurred. |
+| **EndOfService** | Client OS is no longer being serviced |
+| **EndOfServiceApproaching** | Client OS servicing period completes in less than 60 days |
+| **FileNotFound** | The installer couldn't find a Windows component that it needs. |
+| **InstallAccessDenied** | Access denied. |
+| **InstallCancelled** | Install canceled. |
+| **InstallFileLocked** | Couldn't access the file because it's already in use. |
+| **InstallIssue** | There was an installation issue. |
+| **InstallSetupBlock** | There's an application or driver blocking the upgrade. |
+| **InstallSetupError** | Encountered an error while installing the new version of Windows. |
+| **InstallSetupRestartRequired** | A restart is required. |
+| **InstallSharingViolation** | An application is likely interfering with Windows Update. |
+| **InstallSystemError** | A system error occurred while installing the new version of Windows. |
+| **InsufficientUpdateConnectivity** | Device hasn't had sufficient connectivity to Windows Update to progress through the update process and will experience delays. |
+| **MultipleSecurityUpdatesMissing** | Client is missing multiple security updates |
+| **NetworkIssue** | The server timed out waiting for the requested. |
+| **PathNotFound** | The specified path can't be found. |
+| **RestartIssue** | The restart to apply updates is being blocked by one or more applications. |
+| **SafeguardHold** | Update can't be installed due to a known Safeguard Hold. |
+| **UnexpectedShutdown** | The installation stopped because Windows was shutting down or restarting. |
+| **WindowsComponentCorruption** | This device has a corrupted Windows component |
+| **WUBusy** | Windows Update tried to install an update while another installation process was already running. |
+| **WUComponentMissing** | Windows Update might be missing a component or the update file might be damaged. |
+| **WUDamaged** | The update file might be damaged. |
+| **WUFileCorruption** | Windows Update encountered corrupted files. |
+| **WUIssue** | An unexpected issue was encountered during the installation. |
+| **WUSetupError** | The setup process was suspended. |
+
+
+## AlertStatus
+
+Status of alert
+
+|Value | Description |
+|---|---|
+| **Active** | Alert is active, still requires attention. |
+| **Resolved** | Alert is resolved and no longer requires attention. |
+| **Deleted** | Alert was deleted from the backend system. |
+
+### AlertClassification
+
+Whether this alert is an error, a warning, or informational.
+
+| **Value** | Description |
+|---|---|
+| **Informational** | Alert is informational in nature. |
+| **Warning** | Alert is a warning |
+| **Error** | Alert is an error, or is related to an error. There should be an error code that maps to either something from the client or from the service. |
+| **Recommendation** | Alert is a recommendation, something to optimize. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index 9966c6a6ad..b5383c4ad8 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 08/09/2023
+ms.date: 12/06/2023
---
# UCClient
@@ -19,41 +19,63 @@ ms.date: 08/09/2023
UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS edition, and active hours (quantitative).
## Schema for UCClient
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. |
-| **DeviceFamily** | [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier |
-| **LastCensusScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
-| **LastWUScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
-| **OSArchitecture** | [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the operating system (not the device) this device is currently on. |
-| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
-| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `22621` | The major build number, in int format, the device is using. |
-| **OSEdition** | [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows edition |
-| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
-| **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
-| **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available feature update, for its feature update. |
-| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
-| **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available quality update, for its feature update. |
-| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. |
-| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
-| **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available security update, for its feature update. |
-| **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 servicing channel of the device. |
-| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. |
-| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
-| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the policy setting. |
-| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
-| **WUFeaturePauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for feature updates, possible values are Paused, NotPaused, NotConfigured. |
-| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
-| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values greater than `0` indicate the policy setting. |
-| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. `-1` indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
-| **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for quality updates, possible values are Paused, NotPaused, NotConfigured. |
+
+| Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceID** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **City** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Device city, based on IP address. |
+| **Country** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. |
+| **DeviceFamily** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `PC, Phone` | The device family such as PC, Phone. |
+| **DeviceFormFactor** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Notebook, Desktop, Phone.` | Currently, data isn't gathered to populate this field. The device form factor |
+| **DeviceManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Hewlett-Packard.` | Currently, data isn't gathered to populate this field. The device OEM manufacturer |
+| **DeviceModel** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `The device's OEM model ` | Currently, data isn't gathered to populate this field. The device OEM model |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Client-provided device name |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | The global device identifier |
+| **IsVirtual** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `Yes, No` | Whether device is a virtual device. |
+| **LastCensusScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
+| **LastWUScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
+| **NewTest_CF [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. |
+| **OSArchitecture** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `x86` | The architecture of the operating system (not the device) this device is currently on. |
+| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision |
+| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `22621` | The major build number, in int format, the device is using. |
+| **OSEdition** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Professional` | The Windows edition |
+| **OSFeatureUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Compliant` | Whether the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSFeatureUpdateEOSTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
+| **OSFeatureUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
+| **OSFeatureUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `InService;EndOfService` | Whether the device is on the latest available feature update, for its feature update. |
+| **OSQualityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSQualityUpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
+| **OSQualityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest` | Whether the device is on the latest available quality update, for its feature update. |
+| **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | No | `836` | The revision, in int format, this device is on. |
+| **OSSecurityUpdateComplianceStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `NotCompliant` | Whether the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
+| **OSSecurityUpdateStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether the device is on the latest available security update, for its feature update. |
+| **OSServicingChannel** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `SAC` | The elected Windows 10 servicing channel of the device. |
+| **OSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
+| **PrimaryDiskFreeCapacityMb** | | No | | Currently, data isn't gathered to populate this field. Free disk capacity of the primary disk in Megabytes. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClient` | The entity type |
+| **UpdateConnectivityLevel** | | Yes | | Currently, data isn't gathered to populate this field. Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. |
+| **WUAutomaticUpdates** | | No | | Currently, data isn't gathered to populate this field. Manage automatic update behavior to scan, download, and install updates. |
+| **WUDeadlineNoAutoRestart** | | No | | Currently, data isn't gathered to populate this field. Devices won't automatically restart outside of active hours until the deadline is reached - It's 1 by default and indicates enabled, 0 indicates disabled |
+| **WUDODownloadMode** | | No | | Currently, data isn't gathered to populate this field. The Windows Update DO DownloadMode configuration. |
+| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows Update feature update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
+| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | CSP: DeferFeatureUpdates. The Windows Update feature update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the policy setting. |
+| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUFeaturePauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause will end, if activated, else null. |
+| **WUFeaturePauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update feature update pause was activated, if activated, else null. Feature updates are paused for 35 days from the specified start date. |
+| **WUFeaturePauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for feature updates. Possible values are Paused, NotPaused, NotConfigured. |
+| **WUNotificationLevel** | | No | | Currently, data isn't gathered to populate this field. This policy allows you to define what Windows Update notifications users see. 0 (default) - Use the default Windows Update notifications. 1 - Turn off all notifications, excluding restart warnings. 2 - Turn off all notifications, including restart warnings |
+| **WUPauseUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to disable the Pause Updates feature. When this policy is enabled, the user can't access the Pause updates' feature. Supported values 0, 1. |
+| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
+| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. |
+| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | No | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUQualityPauseEndTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- will end, if activated, else null. |
+| **WUQualityPauseStartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The time Windows Update quality update pause- was activated; if activated; else null. |
+| **WUQualityPauseState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `NotConfigured` | Indicates pause status of device for quality updates. Possible values are Paused, NotPaused, NotConfigured. |
+| **WURestartNotification** | | No | | Currently, data isn't gathered to populate this field. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. The following list shows the supported values: 1 (default) = Auto Dismissal. 2 - User Dismissal. |
+| **WUServiceURLConfigured**| | No | | Currently, data isn't gathered to populate this field. The device checks for updates from Microsoft Update. Set to a URL, such as http://abcd-srv:8530. The device checks for updates from the WSUS server at the specified URL. Not configured. The device checks for updates from Microsoft Update. Set to a URL, such as http://abcd-srv:8530. The device checks for updates from the WSUS server at the specified URL. |
+| **WUUXDisabled** | | No | | Currently, data isn't gathered to populate this field. This policy allows the IT admin to remove access to scan Windows Update. When this policy is enabled, the user can't access the Windows Update scan, download, and install features. Default is 0. Supported values 0, 1. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index a497b36832..59208c8193 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCClientReadinessStatus
@@ -20,26 +20,29 @@ ms.date: 06/06/2022
UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) the device doesn't meet.
## Schema for UCClientReadinessStatus
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
-| **OSName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10` | The operating system name. |
-| **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Win10 OS Version (such as 19H2, 20H1, 20H2) currently installed on the device. |
-| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full OS build installed on this device, such as Major.Minor.Build.Revision |
-| **TargetOSName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 11` | The name of the operating system being targeted to the device for this readiness record.|
-| **TargetOSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `21H2` | The operating system version being targeted to the device for this readiness record.|
-| **TargetOSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22000.1` | The full operating system build number that's being targeted to the device for this readiness record.|
-| **ReadinessStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows Update.|
-| **ReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by the Windows Update applicability. |
-| **ReadinessScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed and the assessment was sent.|
-| **ReadinessExpiryTime**| [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the readiness assessment will expire.|
-| **SetupReadinessStatus**| [string](/azure/kusto/query/scalar-data-types/string) | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows setup.|
-| **SetupReadinessReason** | [string](/azure/kusto/query/scalar-data-types/string) | `CPU;TPM` | Lists which [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. |
-| **SetupReadinessTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when readiness was assessed by setup and the assessment was sent.|
-| **SetupReadinessExpiryTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The date and time when the setup readiness assessment will expire.|
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 10:26:03.478039` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace.|
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Client-provided device name |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | The global device identifier. |
+| **OSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full OS build installed on this device, such as Major.Minor.Build.Revision |
+| **OSName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10` | The operating system name. |
+| **OSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Win10 OS version (such as 19H2, 20H1, 20H2) currently installed on the device. |
+| **ReadinessExpiryTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when the readiness assessment will expire. |
+| **ReadinessReason** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `CPU;TPM` | Lists which hardware requirements are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by the Windows Update applicability. |
+| **ReadinessScanTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when readiness was assessed and the assessment was sent. |
+| **ReadinessStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows Update. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager Client ID, if available. |
+| **SetupReadinessExpiryTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when the setup readiness assessment will expire. |
+| **SetupReadinessReason** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `CPU;TPM` | Lists which hardware requirements are blocking the device from being capable of installing Windows 11. Field is null if the device is capable. This status is determined by Windows setup. |
+| **SetupReadinessStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Not capable` | The readiness status of the device is either capable, not capable, or unknown. This status is determined by Windows setup. |
+| **SetupReadinessTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when readiness was assessed by setup and the assessment was sent. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetOSBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.22000.1` | The full operating system build number that's being targeted to the device for this readiness record. |
+| **TargetOSName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 11` | The name of the operating system being targeted to the device for this readiness record. |
+| **TargetOSVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `21H2` | The operating system version being targeted to the device for this readiness record. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The date and time when Azure Monitor Logs ingested this record for your Log Analytics workspace. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClientReadinessStatus` | The entity type |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 760d757558..058a649dd6 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/05/2023
+ms.date: 12/06/2023
---
# UCClientUpdateStatus
@@ -20,39 +20,47 @@ ms.date: 06/05/2023
Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update.
## Schema for UCClientUpdateStatus
-
-| Field | Type | Example | Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | A string corresponding to the Microsoft Entra tenant to which the device belongs. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A string corresponding to this device's Microsoft Entra device ID |
-|**CatalogId** | [string](/azure/kusto/query/scalar-data-types/string) | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | The update catalog ID |
-| **ClientState** | [string](/azure/kusto/query/scalar-data-types/string) | `Installing` | Higher-level bucket of ClientSubstate. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | Last-known state of this update relative to the device, from the client. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Ranking of client substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
-| **ClientSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time of last client substate transition |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The identifier of the deployment that is targeting this update to this device, else empty. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Device's given name |
-| **FurthestClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadComplete` | Furthest clientSubstate |
-| **FurthestClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2400` | Ranking of furthest clientSubstate |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal global device identifier |
-| **IsUpdateHealty** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | `1` | True: No issues preventing this device from updating to this update have been found. False: There is something that may prevent this device from updating. |
-| **OfferReceivedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time when device last reported entering OfferReceived, else empty. |
-| **RestartRequiredTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time when device first reported entering RebootRequired (or RebootPending), else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. |
-| **SourceSystem** | [string](/azure/kusto/query/scalar-data-types/string)| `Azure`| |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this value would correspond to the full build (10.0.14393.385). |
-| **TargetBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `18363` | Integer of the Major portion of Build. |
-| **TargetKBNumber** | [string](/azure/kusto/query/scalar-data-types/string) | `KB4524570` | KB Article. |
-| **TargetRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | Integer or the minor (or revision) portion of the build. |
-| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The target operating system version, such as 1909. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceUpdateEvent` | The EntityType |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether the update classification is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
-| **UpdateInstalledTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime when event transitioned to UpdateInstalled, else empty. |
-| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
-| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update |
-| **UpdateSource** | [string](/azure/kusto/query/scalar-data-types/string) | `UUP` | The source of the update such as UUP, MUv6, Media |
-
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **ClientState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Installing` | This field applies to drivers only. Higher-level bucket of ClientSubstate. |
+| **ClientSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DownloadStart` | Last-known state of this update relative to the device, from the client. |
+| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Ranking of client substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
+| **ClientSubstateTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time of last client substate transition |
+| **DeploymentId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The identifier of the deployment that is targeting this update to this device, else empty. |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | Device's given name |
+| **EventData** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Json to fill with arbitrary K/V pairs. Used to populate contextual data that would otherwise be sparsely populated if elevated to a field always present in the schema. |
+| **FurthestClientSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `DownloadComplete` | Furthest clientSubstate |
+| **FurthestClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `2400` | Ranking of furthest clientSubstate |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | Microsoft internal global device identifier |
+| **IsUpdateHealthy** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1` | Currently, data isn't gathered to populate this field. True: No issues preventing this device from updating to this update have been found. False: There's something that may prevent this device from updating. |
+| **OfferReceivedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time when device last reported entering OfferReceived, else empty. |
+| **RestartRequiredTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | Date and time when device first reported entering RebootRequired (or RebootPending), else empty. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | A string corresponding to the Configuration Manager Client ID on the device. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full build of the content this DeviceUpdateEvent is tracking. For Windows 10 updates, this value would correspond to the full build (10.0.14393.385). |
+| **TargetBuildNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `18363` | Integer of the Major portion of Build. |
+| **TargetKBNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `KB4524570` | KB Article. |
+| **TargetRevisionNumber** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `836` | Integer or the minor (or revision) portion of the build. |
+| **TargetVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The target operating system version, such as 1909. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCClientUpdateStatus` | The entity type |
+| **UpdateCategory** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether the update classification is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateConnectivityLevel** | | Yes | | Currently, data isn't gathered to populate this field. Whether or not this device is maintaining a sufficiently cumulative and continuous connection to Windows Update so the update can progress optimally. |
+| **UpdateDisplayName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
+| **UpdateHealthGroupL1** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Grouping design to describe the current update installation's "health", L1 (highest-level). |
+| **UpdateHealthGroupL2** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L1 UpdateHealthGroup. |
+| **UpdateHealthGroupL3** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. Second grouping, subset of L1, more detailed. |
+| **UpdateHealthGroupRankL1** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L2 UpdateHealthGroup. |
+| **UpdateHealthGroupRankL2** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Third grouping, subset of L3, more detailed. |
+| **UpdateHealthGroupRankL3** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Integer for ranking the L3 UpdateHealthGroup. |
+| **UpdateId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. Update ID of the targeted update |
+| **UpdateInstalledTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | DateTime when event transitioned to UpdateInstalled, else empty. |
+| **UpdateManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
+| **UpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020/05/14 09:26:03.478 AM` | The release date of the update |
+| **UpdateSource** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `UUP` | The source of the update such as UUP, MUv6, Media |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index a449781e51..e5dfa88144 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCDeviceAlert
@@ -19,32 +19,29 @@ ms.date: 06/06/2022
These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in the Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered.
## Schema for UCDeviceAlert
-
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
-| **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
-| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of alert for prioritization during troubleshooting |
-| **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this alert is Active, Resolved, or Deleted |
-| **AlertSubtype** | [string](/azure/kusto/query/scalar-data-types/string) | `DiskFull` | The subtype of alert. |
-| **AlertType** | [string](/azure/kusto/query/scalar-data-types/string) | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields will be present. |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra device ID of the device, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Rank of ClientSubstate |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
-| **Description** | [string](/azure/kusto/query/scalar-data-types/string) | `Disk full` | A localized string translated from a combination of other alert fields + language preference that describes the issue in detail. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | The given device's name |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft global identifier, if available. |
-| **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of alert) that provides a recommended action. |
-| **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else Empty. |
-| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `100` | Rank of ServiceSubstate |
-| **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `18363.836` | The Windows 10 Major. Revision this UpdateAlert is relative to. |
-| **TargetVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 build this UpdateAlert is relative to. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this content is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
+
+|Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AlertClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Error` | Whether this alert is an Error, a Warning, or Informational |
+| **AlertData** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. An optional string formatted as a json payload containing metadata for the alert. |
+| **AlertId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
+| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | `1000` | Integer ranking of alert for prioritization during troubleshooting |
+| **AlertStatus** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Active` | Whether this alert is Active, Resolved, or Deleted |
+| **AlertSubtype** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DiskFull` | The subtype of alert. |
+| **AlertType** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields are present. |
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **Description** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Disk full` | A localized string translated from a combination of other alert fields + language preference that describes the issue in detail. |
+| **DeviceName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | The given device's name |
+| **ErrorCode** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. The Error Code, if any, that triggered this Alert. In the case of Client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
+| **ErrorSymName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. The symbolic name that maps to the Error Code, if any. Otherwise empty. |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:1298371934870` | Internal Microsoft global identifier, if available. |
+| **Recommendation** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on source of alert) that provides a recommended action. |
+| **ResolvedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
+| **SCCMClientId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **StartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCDeviceAlert` | The entity type |
+| **URL** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `aka.ms/errordetail32152` | Currently, data isn't gathered to populate this field. An optional URL to get more in-depth information related to this alert. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index d6b10a0364..33540428e2 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -12,7 +12,7 @@ ms.reviewer: carmenf
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/17/2022
+ms.date: 12/06/2023
---
# UCDOAggregatedStatus
diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
index c9f8f9a935..98e6832a40 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
@@ -11,7 +11,7 @@ ms.reviewer: carmenf
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/17/2022
+ms.date: 12/06/2023
---
# UCDOStatus
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index 004f2def5e..c78b2c076d 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCServiceUpdateStatus
@@ -19,38 +19,41 @@ ms.date: 06/06/2022
Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real time.
## Schema for UCServiceUpdateStatus
-
-| Field | Type | Example | Description |
-|---|---|---|---|
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID will map to that policy, otherwise it will be empty. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | A GUID corresponding to the Microsoft Entra tenant to which the device belongs. |
-|**CatalogId** | [string](/azure/kusto/query/scalar-data-types/string) | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | The update catalog ID |
-| **DeploymentApprovedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time of the update approval |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) |`cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID will map to that policy, otherwise it will be empty. |
-| **DeploymentName** | [string](/azure/kusto/query/scalar-data-types/string) |`My deployment` | Friendly name of the created deployment |
-| **DeploymentIsExpedited** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | `1` | Whether the content is being expedited |
-| **DeploymentRevokeTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time the update was revoked |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | Microsoft internal global device identifier |
-| **OfferReadyTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | DateTime of OfferReady transition. If empty, not yet been offered. |
-| **PolicyCreatedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time the policy was created |
-| **PolicyId** | [string](/azure/kusto/query/scalar-data-types/string) | `9011c330-1234-5678-9abc-def012345678` | The policy identifier targeting the update to this device |
-| **PolicyName** | [string](/azure/kusto/query/scalar-data-types/string) | `My policy` | Friendly name of the policy |
-| **ServiceState** | [string](/azure/kusto/query/scalar-data-types/string) | `Offering` | High-level state of update's status relative to device, service-side. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | Low-level state of update's status relative to device, service-side. |
-| **ServiceSubstateTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Date and time of last ServiceSubstate transition. |
-| **SourceSystem** | [string](/azure/kusto/query/scalar-data-types/string)| `Azure`| |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full build for the content this event is tracking. For Windows 10, this string corresponds to "10.0.Build.Revision" |
-| **TargetVersion** | [int](/azure/kusto/query/scalar-data-types/int) | `1909` | The version of content this DeviceUpdateEvent is tracking. For Windows 10 updates, this number would correspond to the year/month version format used, such as 1903. |
-| **TenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `9011c330-1234-5678-9abc-def012345678` | Microsoft Entra tenant ID |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Time the snapshot ran can also be the same as EventDateTimeUTC in some cases. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `ServiceUpdateEvent` | The EntityType |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **UpdateDisplayName** | [string](/azure/kusto/query/scalar-data-types/string) | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
-| **UpdateManufacturer** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
-|**UpdateProvider** | [string](/azure/kusto/query/scalar-data-types/string) | `Microsoft` | Update provider of drivers and firmware |
-| **UpdateRecommendedTime** |[datetime](/azure/kusto/query/scalar-data-types/datetime) | `2022-05-14 09:26:03.478039` | Date and time when the update was recommended to the device |
-| **UpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the update |
-|**UpdateVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `20.0.19.3` | Update version of drivers or firmware |
-| **UpdateVersionTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | Update version date time stamp for drivers and firmware |
+
+| Field |Type | Enumerated type |Example |Description |
+|---|---|---|---|---|
+| **AzureADDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **DeploymentApprovedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time of the update approval |
+| **DeploymentId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID maps to that policy, otherwise it's empty. |
+| **DeploymentIsExpedited** | [bool](/azure/data-explorer/kusto/query/scalar-data-types/bool) | No | `1` | Currently, data isn't gathered to populate this field. It indicated whether the content is being expedited |
+| **DeploymentName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `My deployment` | Currently, data isn't gathered to populate this field. Friendly name of the created deployment |
+| **DeploymentRevokeTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time the update was revoked |
+| **GlobalDeviceId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:9832741921341` | Currently, data isn't gathered to populate this field. Microsoft internal global device identifier |
+| **OfferReadyTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | DateTime of OfferReady transition. If empty, not yet been offered. |
+| **PolicyCreatedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time the policy was created |
+| **PolicyId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9011c330-1234-5678-9abc-def012345678` | This field applies to drivers only. The policy identifier targeting the update to this device |
+| **PolicyName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `My policy` | Currently, data isn't gathered to populate this field. This field applies to drivers only. Friendly name of the policy. |
+| **ProjectedOfferReadyTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Projected time update will be offered to device. If empty, unknown. |
+| **ServiceState** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Offering` | High-level state of update's status relative to device, service-side. |
+| **ServiceSubstate** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `OfferReady` | Low-level state of update's status relative to device, service-side. |
+| **ServiceSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | No | | Currently, data isn't gathered to populate this field. Ranking of Substates for sequential ordering in funnel-type views. The rankings between ServiceSubstate and ClientSubstate can be used together. |
+| **ServiceSubstateTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Date and time of last ServiceSubstate transition. |
+| **SourceSystem** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **TargetBuild** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10.0.18363.836` | The full build for the content this event is tracking. For Windows 10, this string corresponds to "10.0.Build.Revision" |
+| **TargetVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The version of content this DeviceUpdateEvent is tracking. For Windows 10 updates, this number would correspond to the year/month version format used, such as 1903. |
+| **TenantId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9011c330-1234-5678-9abc-def012345678` | Microsoft Entra tenant ID |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | | `2020-05-14 09:26:03.478039` | Time the snapshot ran can also be the same as EventDateTimeUTC in some cases. |
+| **Type** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCServiceUpdateStatus` | The entity type |
+| **UdpateIsSystemManifest** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | | Currently, data isn't gathered to populate this field. This field applies to drivers only. |
+| **UpdateCategory** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateDisplayName** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Windows 10 1909` | The long-form display name for the given update. Varies on content type (feature update. quality update) |
+| **UpdateId** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. Update ID of the targeted update |
+| **UpdateManufacturer** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Manufacturer of update. Microsoft for feature or quality updates, for drivers the name of driver manufacturer. |
+| **UpdateProvider** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Microsoft` | This field applies to drivers only. Update provider of drivers and firmware |
+| **UpdateRecommendedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Date and time when the update was recommended to the device |
+| **UpdateReleaseTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | Currently, data isn't gathered to populate this field. The release date of the update |
+| **UpdateVersion** | [string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `20.0.19.3` | This field applies to drivers only. Update version of drivers or firmware |
+| **UpdateVersionTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | This field applies to drivers only. Update version date time stamp for drivers and firmware |
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index ba81be193a..588cbd8cb6 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/06/2022
+ms.date: 12/06/2023
---
# UCUpdateAlert
@@ -20,36 +20,39 @@ Alert for both client and service updates. Contains information that needs atten
## Schema for UCUpdateAlert
-|Field |Type |Example |Description |
-|---|---|---|---|
-| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
-| **AlertData** | [string](/azure/kusto/query/scalar-data-types/string) {json} | `{ "freeDiskCapacityMb": 3213, "contentSizeMb": 4381}` | An optional string formatted as a json payload containing metadata for the alert. |
-| **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
-| **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of alert for prioritization during troubleshooting |
-| **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this alert is Active, Resolved, or Deleted |
-| **AlertSubtype** | [string](/azure/kusto/query/scalar-data-types/string) | `DiskFull` | The subtype of alert |
-| **AlertType** | [string](/azure/kusto/query/scalar-data-types/string) | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields will be present |
-| **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra device ID of the device, if available. |
-| **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **ClientSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
-| **ClientSubstateRank** | [int](/azure/kusto/query/scalar-data-types/int) | `2300` | Rank of ClientSubstate |
-| **DeploymentId** | [string](/azure/kusto/query/scalar-data-types/string) | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
-| **Description** | [string](/azure/kusto/query/scalar-data-types/string) | `Disk full` | A localized string translated from a combination of other Alert fields + language preference that describes the issue in detail. |
-| **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | The given device's name |
-| **ErrorCode** | [string](/azure/kusto/query/scalar-data-types/string) | `0x8326CFA2D_C3FD` | The error code, if any, that triggered this alert. In the case of client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
-| **ErrorSymName** | [string](/azure/kusto/query/scalar-data-types/string) | `WU_E_DISK_FULL` | The symbolic name that maps to the error code, if any, otherwise empty. |
-| **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:1298371934870` | Internal Microsoft Global identifier, if available. |
-| **Recommendation** | [string](/azure/kusto/query/scalar-data-types/string) | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on the source of the alert) that provides a recommended action. |
-| **ResolvedTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
-| **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID of the device, if available. |
-| **ServiceSubstate** | [string](/azure/kusto/query/scalar-data-types/string) | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else empty. |
-| **StartTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
-| **TargetBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `18363.836` | The Windows 10 Major. Revision this UpdateAlert is relative to. |
-| **TargetVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 build this UpdateAlert is relative to. |
-| **TenantId** |[string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
-| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
-| **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `UpdateAlert` | The entity type. |
-| **UpdateCategory** | [string](/azure/kusto/query/scalar-data-types/string) | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
-| **UpdateClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), non-security (quality update), or driver |
-| **URL** | [string](/azure/kusto/query/scalar-data-types/string) | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. |
-| **UpdateId** | [string](/azure/kusto/query/scalar-data-types/string) | `10e519f0-06ae-4141-8f53-afee63e995f0` |Update ID of the targeted update|
+|Field |Type | ENUM |Example |Description |
+|---|---|---|---|---|
+| **AlertClassification** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Error` | Whether this alert is an error, a warning, or informational |
+| **AlertData** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `{ "freeDiskCapacityMb": 3213, "contentSizeMb": 4381}` | An optional string formatted as a json payload containing metadata for the alert. |
+| **AlertId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert |
+| **AlertRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | `1000` | Integer ranking of alert for prioritization during troubleshooting |
+| **AlertStatus** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Active` | Whether this alert is active, resolved, or deleted |
+| **AlertSubtype** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DiskFull` | The subtype of alert |
+| **AlertType** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `ClientUpdateAlert` | The type of alert such as ClientUpdateAlert or ServiceUpdateAlert. Indicates which fields are present. |
+| **AzureADDeviceId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Microsoft Entra Device ID |
+| **AzureADTenantId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID |
+| **CatalogId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `b0f410599615e2ce15e6614ac3fc4ec62d80324020351e172edef89091a64f2f` | This field applies to drivers only. The Catalog ID of the update from Windows Update for Business deployment service. |
+| **ClientSubstate** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `DownloadStart` | If the alert is from the client, the ClientSubstate at the time this alert was activated or updated, else empty. |
+| **ClientSubstateRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | `2300` | Rank of ClientSubstate |
+| **DeploymentId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `cf1b12a3-3d84-4ce3-bc8e-de48459e252d` | The deployment this alert is relative to, if there's one. |
+| **Description** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Disk full` | A localized string translated from a combination of other Alert fields + language preference that describes the issue in detail. |
+| **DeviceName** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `JohnPC-Contoso` | The given device's name |
+| **ErrorCode** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `0x8326CFA2D_C3FD` | The error code, if any, that triggered this alert. In the case of client-based explicit alerts, error codes can have extended error codes, which are appended to the error code with an underscore separator. |
+| **ErrorSymName** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `WU_E_DISK_FULL` | The symbolic name that maps to the error code, if any, otherwise empty. |
+| **GlobalDeviceId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `g:1298371934870` | Internal Microsoft Global identifier, if available. |
+| **Recommendation** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Free up disk space.` | A localized string translated from RecommendedAction, Message, and other fields (depending on the source of the alert) that provides a recommended action. |
+| **ResolvedTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was resolved, else empty. |
+| **SCCMClientId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration manager client ID of the device, if available. |
+| **ServiceSubstate** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `OfferReady` | If the alert is from the service, the ServiceSubstate at the time this alert was activated or updated, else empty. |
+| **ServiceSubstateRank** |[int](/azure/kusto/query/scalar-data-types/int) | No | | Rank of 'ClientSubstate' |
+| **SourceSystem** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `Azure` | |
+| **StartTime [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time this alert was activated. |
+| **TargetBuild** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `18363.836` | The Windows 10 Major. Revision this 'UpdateAlert' is relative to. |
+| **TargetVersion** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `1909` | The Windows 10 build this UpdateAlert is relative to. |
+| **TenantId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Microsoft Entra tenant ID of the device. |
+| **TimeGenerated [UTC]** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | No | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **Type** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `UCUpdateAlert` | The entity type |
+| **UpdateCategory** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `WindowsFeatureUpdate` | The type of content this DeviceUpdateEvent is tracking. |
+| **UpdateClassification** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | Yes | `Upgrade` | Whether this update is an upgrade (feature update), security (quality update), nonsecurity (quality update), or driver |
+| **UpdateId** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `10e519f0-06ae-4141-8f53-afee63e995f0` | This field applies to drivers only. The Update ID of the targeted update. |
+| **URL** |[string](/azure/data-explorer/kusto/query/scalar-data-types/string) | No | `aka.ms/errordetail32152` | An optional URL to get more in-depth information related to this alert. |
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index 8a4fc45ecb..75cdcb5587 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 11/15/2022
+ms.date: 12/06/2023
---
# Windows Update for Business reports schema
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index 9eebdd0921..2507bb5313 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -1,83 +1,99 @@
---
-title: User State Migration Tool (USMT) - Getting Started (Windows 10)
-description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT).
+title: User State Migration Tool (USMT) - Getting Started
+description: Plan, collect, and prepare the source computer for migration using the User State Migration Tool (USMT).
+ms.reviewer: kevinmi,warrenw
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: frankroj
ms.topic: article
ms.technology: itpro-deploy
-ms.date: 11/01/2022
+ms.date: 01/09/2024
+appliesto:
+ - ✅ Windows 11
+ - ✅ Windows 10
---
# Getting started with the User State Migration Tool (USMT)
-This article outlines the general process that you should follow to migrate files and settings.
+This article outlines the general process to follow to migrate files and settings.
-## Step 1: Plan your migration
+## Step 1: Plan the migration
-1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
+1. [Plan The Migration](usmt-plan-your-migration.md). Depending on whether the migration scenario is refreshing or replacing computers, an online migration or an offline migration can be chosen. Offline migrations can use either Windows Preinstallation Environment (WinPE) or the files in the **Windows.old** directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
-1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
+1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data to consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
-1. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
+1. Determine where to store data. Depending on the size of the migration store, data can be stored in one of the following locations:
-1. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
+ - Remotely.
+ - Locally in a hard-link migration store or on a local external storage device.
+ - Directly on the destination computer.
-1. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files.
+ For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
+
+1. Use the `/GenMigXML` command-line option to determine which files are included in the migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
+
+1. If necessary, modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom **.xml** files. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, custom **.xml** file can be created or modify the rules in the existing migration **.xml** files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration **.xml** files.
> [!IMPORTANT]
- > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files.
+ >
+ > Microsoft recommends to always make copies of the **.xml** files included in User State Migration Tool (USMT) and then modify the copies. Never modify the original **.xml** files.
- You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
+ The `MigXML.xsd` file can be used to help write and validate the **.xml** files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
+
+1. Create a [Config.xml File](usmt-configxml-file.md) if to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options:
-1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options:
- [/genconfig](usmt-scanstate-syntax.md#migration-rule-options).
- - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`.
-
+ - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the **.xml** files that are being used with `ScanState.exe`.
+
For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files:
```cmd
ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
```
-1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file and specify `migrate=no` for any components that you don't want to migrate.
+1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file and specify `migrate=no` for any components that don't need to be migrated.
## Step 2: Collect files and settings from the source computer
1. Back up the source computer.
-1. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
+1. Close all applications. If some applications are running when the `ScanState.exe` command is run, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
> [!NOTE]
- > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `
|
-*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: Set USMT_WORKING_DIR=[path to working directory]
|
+|**USMT_WORKING_DIR**|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:Set MIG_OFFLINE_PLATFORM_ARCH=32
`Set USMT_WORKING_DIR=
`Set MIG_OFFLINE_PLATFORM_ARCH=32`|
## Offline.xml elements
-Use an `Offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option.
+Use an `Offline.xml` file when running the **ScanState** tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option.
-### <offline>
+### \
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).|
-|*MigApps.xml file*|Applications settings.|
-|*MigUser.xml* or *MigDocs.xml* files|User files and profile settings.|
-|*Custom XML files*|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.|
+|**Config.xml file**|Operating-system components such as desktop wallpaper and background theme.
The `Config.xml` can also be extended to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).|
+|**MigApps.xml file**|Applications settings.|
+|**MigUser.xml** or **MigDocs.xml** files|User files and profile settings.|
+|**Custom XML files**|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.|
-For example, you can use all of the XML migration file types for a single migration, as in the following example:
+For example, all of the XML migration file types can be used for a single migration, as in the following example:
```cmd
ScanState.exe