deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into ConfigRebrand-Two

Browse Source
This commit is contained in:
Laura Keller 2020-01-15 14:17:12 -08:00 committed by GitHub
commit ede90254a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
152 changed files with 4547 additions and 3157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
browsers/edge/group-policies/index.yml
View File

@ -2,19 +2,19 @@
documentType: LandingData
title: Microsoft Edge group policies
title: Microsoft Edge Legacy group policies
metadata:
document_id:
title: Microsoft Edge group policies
title: Microsoft Edge Legacy group policies
description: Learn how to configure group policies in Microsoft Edge on Windows 10.
description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.
text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
text: Some of the features in Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. (To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).)
keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile
ms.localizationpriority: medium
@ -36,7 +36,7 @@ sections:
- type: markdown
text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
- items:

12
browsers/edge/index.yml
View File

@ -2,19 +2,19 @@
documentType: LandingData
title: Microsoft Edge Group Policy configuration options
title: Microsoft Edge Legacy Group Policy configuration options
metadata:
document_id:
title: Microsoft Edge Group Policy configuration options
title: Microsoft Edge Group Legacy Policy configuration options
description:
text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge, Windows 10
text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn how to deploy and configure group policies in Microsoft Edge Legacy on Windows 10. Some of the features coming to Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
@ -36,7 +36,7 @@ sections:
- type: markdown
text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
- items:

1
devices/hololens/TOC.md
View File

@ -32,6 +32,7 @@
## [Create, share, and view photos and video](holographic-photos-and-videos.md)
# User management and access management
## [Accounts on HoloLens](hololens-identity.md)
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
## [Set up limited application access](hololens-kiosk.md)

111
devices/hololens/hololens-identity.md Normal file
View File

@ -0,0 +1,111 @@
---
title: Managing user identity and login on HoloLens
description: Manage user identity, security, and login on HoloLens.
keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
author: scooley
ms.author: scooley
ms.date: 1/6/2019
ms.prod: hololens
ms.topic: article
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
audience: ITPro
manager: jarrettr
appliesto:
- HoloLens (1st gen)
- HoloLens 2
---
# User identity and signin
> [!NOTE]
> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens:
| Identity type | Accounts per device | Authentication options |
| --- | --- | --- |
| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | <ul><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services.
## Setting up users
The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md).
Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs.
If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens.
By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy.
### Linked accounts
As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually.
Linking accounts does not separate the user data created on the device, such as images or downloads.
### Setting up multi-user support (AAD only)
> [!NOTE]
> **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user.
All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users.
## Removing users
You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device.
## Using single sign-on within an app
As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token.
If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand).
## Enterprise and other authentication
If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
## Deprecated APIs
One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account.
## Frequently asked questions
### Is Windows Hello for Business supported on HoloLens?
Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN.
> [!NOTE]
> Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
#### Does the type of account change the sign-in behavior?
Yes, the behavior for the type of account affects the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type:
- **Microsoft account**: signs in automatically
- **Local account**: always asks for password, not configurable in **Settings**
- **Azure AD**: asks for password by default, and configurable by **Settings** to no longer ask for password.
> [!NOTE]
> Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.
## Additional resources
Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/).
Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/).

2
devices/hololens/hololens-insider.md
View File

@ -44,7 +44,7 @@ To opt out of Insider builds:
## Provide feedback and report issues
Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
>[!NOTE]
>Be sure to accept the prompt that asks whether youd like Feedback Hub to access your Documents folder (select **Yes** when prompted).

2
devices/hololens/hololens2-setup.md
View File

@ -62,7 +62,7 @@ To turn on your HoloLens 2, press the Power button. The LED lights below the Po
| To turn on | Single button press. | All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. |
| To sleep | Single button press. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
| To wake from sleep | Single button press. | All five lights turn on, then change to indicate the battery level. A sound immediately plays. |
| To turn off | Press and for hold 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
| To turn off | Press and hold for 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
| To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. |
## HoloLens behavior reference

3
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -49,7 +49,8 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
```
[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
> [!IMPORTANT]
> ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.

13
devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
View File

@ -11,7 +11,7 @@ ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
ms.date: 10/21/2019
ms.date: 01/15/2020
ms.reviewer:
manager: dansimp
---
@ -99,10 +99,7 @@ Because customizations are performed by MDT at the time of deployment, the goal
For your deployed Windows environment to function correctly on your Surface devices, you will need to install the drivers used by Windows to communicate with the components of your device. These drivers are available for download in the Microsoft Download Center for each Surface device. You can find the correct Microsoft Download Center page for your device at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
When you browse to the specific Microsoft Download Center page for your device, you will notice that there are two files available for download. One file is a Windows Installer (.msi) file. This file is used to update drivers on devices that are already running Windows or that have device management solutions. The other file is an archive (.zip) file. This file contains the individual driver files that are used during deployment, or for manual installation with Device Manager. The file that you will need to download is the .zip archive file. You can read more about the difference between the firmware and driver pack file types at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
In addition to the driver files that help Windows communicate with the hardware components of the Surface device, the .zip file you download will also contain firmware updates. These firmware updates will update the instructions used by the device hardware to communicate between components and Windows. The firmware of Surface device components is updated by installation of specific driver files and thus is installed along with the other drivers during deployment. The firmware of an out-of-date Surface device is thus updated when the device reboots during and after the Windows deployment process.
When you browse to the specific Microsoft Download Center page for your device, you will find a Windows Installer (.msi) file. This file is used to update drivers on devices that are already running Windows or that have device management solutions. Firmware updates maintain the instructions used by the device hardware to communicate between components and Windows. The firmware of Surface device components is updated by installation of specific driver files and thus is installed along with the other drivers during deployment. For more information, see [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
>[!NOTE]
>Beginning in Windows 10, the drivers for Surface devices are included in the Windows Preinstallation Environment (WinPE). In earlier versions of Windows, specific drivers (like network drivers) had to be imported and configured in MDT for use in WinPE to successfully deploy to Surface devices.
@ -234,7 +231,7 @@ You now have an empty deployment share that is ready for you to add the resource
The first resources that are required to perform a deployment of Windows are the installation files from Windows 10 installation media. Even if you have an already prepared reference image, you still need to supply the unaltered installation files from your installation media. The source of these files can be a physical disk, or it can be an ISO file like the download from the Volume Licensing Service Center (VLSC).
>[!NOTE]
>A 64-bit operating system is required for compatibility with Surface Studio, Surface Pro 4, Surface Book, Surface Pro 3, and Surface 3.
>A 64-bit operating system is required for compatibility with Surface devices except Surface Pro X which cannot be managed with MDT.
To import Windows 10 installation files, follow these steps:
@ -404,9 +401,9 @@ Perform the reference image deployment and capture using the following steps:
* **Locale and Time** Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
* **Capture Image** Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine")
![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine")
*Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
*Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
* **Ready** You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.

9
devices/surface/microsoft-surface-brightness-control.md
View File

@ -46,9 +46,14 @@ documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
1. Run regedit from a command prompt to open the Windows Registry
Editor.
- Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
- Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Surface\Surface
Brightness Control\
If you're running an older version of Surface Brightness control, run the following command instead:
- Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
Brightness Control\
| Registry Setting | Data| Description
|-----------|------------|---------------

3
devices/surface/surface-dock-firmware-update.md
View File

@ -50,9 +50,6 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm
> [!NOTE]
> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
> [!NOTE]
> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
> [!IMPORTANT]

4
windows/client-management/mdm/passportforwork-csp.md
View File

@ -206,7 +206,7 @@ This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
<a href="" id="biometrics--only-for---device-vendor-msft-"></a>**Biometrics** (only for ./Device/Vendor/MSFT)
Node for defining biometric settings. This node was added in Windows 10, version 1511.
*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
*Not supported on Windows Holographic and Windows Holographic for Business.*
<a href="" id="biometrics-usebiometrics--only-for---device-vendor-msft-"></a>**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)
Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
@ -217,7 +217,7 @@ Default value is true, enabling the biometric gestures for use with Windows Hell
Supported operations are Add, Get, Delete, and Replace.
*Not supported on Windows Holographic and Windows Holographic for Business.*
*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
<a href="" id="biometrics-facialfeaturesuseenhancedantispoofing--only-for---device-vendor-msft-"></a>**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)
Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.

6
windows/client-management/mdm/policy-csp-browser.md
View File

@ -14,10 +14,14 @@ ms.localizationpriority: medium
# Policy CSP - Browser
> [!NOTE]
> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
<hr/>
> [!NOTE]
> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
<!--Policies-->
## Browser policies

14
windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
View File

@ -29,21 +29,11 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
![register azuread](images/azure-ad-add-tenant11.png)
3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
3. On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal.
![register azuread](images/azure-ad-add-tenant12.png)
![Azure-AD-updated](https://user-images.githubusercontent.com/41186174/71594506-e4845300-2b40-11ea-9a08-c21c824e12a4.png)
4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
![register azuread](images/azure-ad-add-tenant13.png)
5. It may take a few minutes to process the request.
![register azuread](images/azure-ad-add-tenant14.png)
6. You will see a welcome page when the process completes.
![register azuread](images/azure-ad-add-tenant15.png)
 

10
windows/deployment/update/waas-configure-wufb.md
View File

@ -125,9 +125,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
## Configure when devices receive Quality Updates
Quality Updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality Updates following their availability. You can defer receiving these Quality Updates for a period of up to 35 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
Quality updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
You can set your system to receive updates for other Microsoft products—known as Microsoft Updates (such as Microsoft Office, Visual Studio)—along with Windows Updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft Updates will follow the same deferral and pause rules as all other Quality Updates.
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
>[!IMPORTANT]
>This policy defers both Feature and Quality Updates on Windows 10 Mobile Enterprise.
@ -146,7 +146,7 @@ You can set your system to receive updates for other Microsoft products—known
## Pause quality updates
You can also pause a system from receiving Quality Updates for a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality Updates. Following this scan, you can then pause quality Updates for the device again.
You can also pause a system from receiving quality updates for a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality updates. Following this scan, you can then pause quality updates for the device again.
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
@ -201,9 +201,9 @@ The policy settings to **Select when Feature Updates are received** allows you t
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
* MDM: **Update/BranchReadinessLevel**
## Exclude drivers from Quality Updates
## Exclude drivers from quality updates
Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to Feature Updates, where drivers might be dynamically installed to ensure the Feature Update process can complete.
Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to feature updates, where drivers might be dynamically installed to ensure the feature update process can complete.
**Policy settings to exclude drivers**

2
windows/deployment/update/waas-overview.md
View File

@ -174,7 +174,7 @@ With all these options, which an organization chooses depends on the resources,
| Windows Update | Yes (manual) | No | Delivery Optimization | None|
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options |
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](https://docs.microsoft.com/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows 10 Update Delivery](https://docs.microsoft.com/windows/deployment/update/waas-optimize-windows-10-updates) | Distribution points, multiple deployment options |
>[!NOTE]
>Due to [naming changes](#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.

4
windows/deployment/upgrade/log-files.md
View File

@ -35,7 +35,7 @@ The following table describes some log files and how to use them for troubleshoo
<br>
<table>
<tr><td BGCOLOR="#a0e4fa"><B>Log file</td><td BGCOLOR="#a0e4fa"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><B>Description</td><td BGCOLOR="#a0e4fa"><B>When to use</td>
<tr><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Log file</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Description</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>When to use</td>
<tr><td rowspan="5">setupact.log</td><td>Down-Level:<br>$Windows.~BT\Sources\Panther</td><td>Contains information about setup actions during the downlevel phase. </td>
<td>All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.</td>
<tr><td>OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC</td>
@ -52,7 +52,7 @@ setupapi.dev.log<br>
Event logs (*.evtx)</td>
<td>$Windows.~BT\Sources\Rollback<td>Additional logs collected during rollback.</td>
<td>
Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump.<br>
Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.<br>
Setupapi: Device install issues - 0x30018<br>
Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
</table>

8
windows/deployment/upgrade/resolution-procedures.md
View File

@ -513,9 +513,9 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
<br /><table>
<tr>
<td BGCOLOR="#a0e4fa"><b>Error code</b></th>
<td BGCOLOR="#a0e4fa"><b>Cause</b></th>
<td BGCOLOR="#a0e4fa"><b>Mitigation</b></th>
<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Error code</b></font></td>
<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Cause</b></font></td>
<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Mitigation</b></font></td>
</tr>
<tr>
@ -647,7 +647,7 @@ For detailed information on how to run these steps check out <a href="https://bl
<br><table>
<tr><td BGCOLOR="#a0e4fa">Error Codes<td BGCOLOR="#a0e4fa">Cause<td BGCOLOR="#a0e4fa">Mitigation</td></tr>
<tr><td BGCOLOR="#a0e4fa"><font color="#000000">Error Codes<td BGCOLOR="#a0e4fa"><font color="#000000">Cause<td BGCOLOR="#a0e4fa"><font color="#000000">Mitigation</td></tr>
<tr><td>0x80070003- 0x20007
<td>This is a failure during SafeOS phase driver installation.

4
windows/deployment/upgrade/upgrade-error-codes.md
View File

@ -91,7 +91,7 @@ The following tables provide the corresponding phase and operation for values of
<br>
<table cellspacing="0" cellpadding="0">
<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><b>Extend code: phase</b></td>
<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><font color="#000000"><b>Extend code: phase</b></td>
<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 5.4pt 0in 5.4pt'><b>Phase</b>
<tr><td style='padding:0in 4pt 0in 4pt'>0<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNKNOWN
<tr><td style='padding:0in 4pt 0in 4pt'>1<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_DOWNLEVEL
@ -103,7 +103,7 @@ The following tables provide the corresponding phase and operation for values of
<table border="0" style='border-collapse:collapse;border:none'>
<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><B>Extend code: operation</B></td>
<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><font color="#000000"><B>Extend code: operation</B></td>
<tr><td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
<table>
<tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><span style='padding:0in 5.4pt 0in 5.4pt;'><b>Operation</b>

2215
windows/deployment/windows-10-poc.md
View File

File diff suppressed because it is too large Load Diff

10
windows/deployment/windows-autopilot/add-devices.md
View File

@ -104,13 +104,13 @@ Once the hardware IDs have been captured from existing devices, they can be uplo
- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings.
A summary of each platform's capabilities is provided below.
<br>
<table>
<tr>
<td BGCOLOR="#a0e4fa"><B>Platform/Portal</th>
<td BGCOLOR="#a0e4fa"><B>Register devices?</th>
<td BGCOLOR="#a0e4fa"><B>Create/Assign profile</th>
<td BGCOLOR="#a0e4fa"><B>Acceptable DeviceID</th>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Platform/Portal</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Register devices?</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Create/Assign profile</font></td>
<td BGCOLOR="#a0e4fa"><B><font color="#000000">Acceptable DeviceID</font></td>
</tr>
<tr>

9
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -68,15 +68,16 @@ See the following examples.
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module AzureAD -Force
Install-Module WindowsAutopilotIntune -Force
Install-Module Microsoft.Graph.Intune -Force
```
3. Enter the following lines and provide Intune administrative credentials
- In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
- Be sure that the user account you specify has sufficient administrative rights.
```powershell
Connect-MSGraph -user admin@M365x373186.onmicrosoft.com
Connect-MSGraph
```
The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
The user and password for your account will be requested using a standard Azure AD form. Type your username and password and then click **Sign in**.
<br>See the following example:
![Azure AD authentication](images/pwd.png)

209
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -1,5 +1,5 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1703.
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
ms.prod: w10
@ -7,14 +7,14 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: dansimp
ms.author: dansimp
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
ms.date: 04/19/2019
ms.reviewer:
ms.date: 01/04/2020
ms.reviewer:
---
@ -33,8 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@ -60,6 +59,7 @@ The following fields are available:
- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device.
- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device.
- **DecisionDevicePnp_RS2** The count of DataSourceMatchingInfoBlock objects present on this machine targeting the next release of Windows
- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device.
- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device.
- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
@ -77,7 +77,6 @@ The following fields are available:
- **SystemWim** The total number of objects of this type present on this device.
- **SystemWindowsActivationStatus** The count of DecisionSystemBios objects present on this machine targeting the next release of Windows
- **SystemWlan** The total number of objects of this type present on this device.
- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
@ -92,7 +91,7 @@ The following fields are available:
- **HasCitData** Indicates whether the file is present in CIT data.
- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
- **IsAv** Is the file an anti-virus reporting EXE?
- **ResolveAttempted** This will always be an empty string when sending telemetry.
- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
@ -190,7 +189,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
The following fields are available:
@ -221,7 +220,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
The following fields are available:
@ -252,7 +251,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
The following fields are available:
@ -283,7 +282,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
This event sends compatibility database information about the BIOS to help keep Windows up to date.
The following fields are available:
@ -315,7 +314,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
This event sends compatibility decision data about a file to help keep Windows up-to-date.
This event sends compatibility decision data about a file to help keep Windows up to date.
The following fields are available:
@ -364,7 +363,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
This event sends compatibility decision data about a PNP device to help keep Windows up to date.
This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
The following fields are available:
@ -790,7 +789,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events.
### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
@ -856,7 +855,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
The following fields are available:
@ -927,7 +926,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
The following fields are available:
@ -960,7 +959,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
The following fields are available:
@ -1159,7 +1158,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemWlanAdd
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
The following fields are available:
@ -1196,32 +1195,32 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
The following fields are available:
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **AuxFinal** Obsolete, always set to false.
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **EnterpriseRun** Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
- **StoreHandleIsNotNull** Obsolete, always set to false
- **TelementrySent** Indicates if telemetry was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **TelementrySent** Indicates whether diagnostic data was successfully sent.
- **ThrottlingUtc** Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **Time** The client time of the event.
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
@ -1444,6 +1443,7 @@ The following fields are available:
- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine.
- **OSEdition** Retrieves the version of the current OS.
- **OSInstallDateTime** Retrieves the date the OS was installed using ISO 8601 (Date part) == yyyy-mm-dd
- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
- **OSSKU** Retrieves the Friendly Name of OS Edition.
@ -1538,6 +1538,7 @@ The following fields are available:
- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display.
- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
- **InternalPrimaryDisplayType** Represents the type of technology used in the monitor, such as Plasma, LED, LCOS, etc.
- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine
- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine.
- **VRAMDedicated** Retrieves the video RAM in MB.
@ -1720,7 +1721,7 @@ The following fields are available:
- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
- **op** Represents the ETW Op Code.
- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
- **sqmId** The Windows SQM ID.
- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
- **tickets** An array of strings that refer back to a key in the X-Tickets http header that the client uploaded along with a batch of events.
@ -1778,6 +1779,47 @@ This event provides information about the results of installing optional Windows
### CbsServicingProvider.CbsQualityUpdateInstall
This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
### CbsServicingProvider.CbsSelectableUpdateChangeV2
This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
The following fields are available:
- **applicableUpdateState** Indicates the highest applicable state of the optional content.
- **buildVersion** The build version of the package being installed.
- **clientId** The name of the application requesting the optional content change.
- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
- **hrDownloadResult** The return code of the download operation.
- **hrStatusUpdate** The return code of the servicing operation.
- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
- **majorVersion** The major version of the package being installed.
- **minorVersion** The minor version of the package being installed.
- **packageArchitecture** The architecture of the package being installed.
- **packageLanguage** The language of the package being installed.
- **packageName** The name of the package being installed.
- **rebootRequired** Indicates whether a reboot is required to complete the operation.
- **revisionVersion** The revision number of the package being installed.
- **stackBuild** The build number of the servicing stack binary performing the installation.
- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
- **stackRevision** The revision number of the servicing stack binary performing the installation.
- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
- **updateStartState** A value indicating the state of the optional content before the operation started.
- **updateTargetState** A value indicating the desired state of the optional content.
## Content Delivery Manager events
### Microsoft.Windows.ContentDeliveryManager.ProcessCreativeEvent
@ -1864,7 +1906,7 @@ The following fields are available:
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network.
The following fields are available:
@ -2597,6 +2639,45 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
This event sends details collected for a specific application on the source device.
The following fields are available:
- **AhaVersion** The binary version of the App Health Analyzer tool.
- **ApplicationErrors** The count of application errors from the event log.
- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit).
- **device_level** Various JRE/JAVA versions installed on a particular device.
- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type.
- **Jar** Flag to determine if an app has a Java JAR file dependency.
- **Jre** Flag to determine if an app has JRE framework dependency.
- **Jre_version** JRE versions an app has declared framework dependency for.
- **Name** Name of the application.
- **NonDPIAware** Flag to determine if an app is non-DPI aware
- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location.
- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution.
- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution.
- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility.
- **VB6** Flag to determine if an app is based on VB6 framework.
- **VB6v2** Additional flag to determine if an app is based on VB6 framework.
- **Version** Version of the application.
- **VersionCheck** Flag to determine if an app has a static dependency on OS version.
- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version.
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events.
The following fields are available:
- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument.
- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable.
- **Enhanced** Indicates the presence of the 'enhanced' command line argument.
- **StartTime** UTC date and time at which this event was sent.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
Invalid variant - Provides data on the installed Office Add-ins
@ -2724,6 +2805,15 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **IndicatorValue** The indicator value.
- **Value** Describes an operating system indicator that may be relevant for the device upgrade.
### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorEndSync
This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events has been sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
@ -2814,6 +2904,20 @@ The following fields are available:
- **UptimeDeltaMS** Duration in last state in milliseconds.
## Migration events
### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
This event returns data about the count of the migration objects across various phases during feature update.
### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
This event returns data to track the count of the migration objects across various phases during feature update.
## OneDrive events
### Microsoft.OneDrive.Sync.Setup.APIOperation
@ -4387,7 +4491,7 @@ The following fields are available:
- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed.
- **ExtendedStatusCode** The secondary status code of the event.
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
@ -4799,7 +4903,13 @@ The following fields are available:
### FacilitatorTelemetry.DCATDownload
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
### FacilitatorTelemetry.DUDownload
This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows.
@ -4811,7 +4921,7 @@ This event determines whether devices received additional or critical supplement
### Setup360Telemetry.Downlevel
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
The following fields are available:
@ -5127,6 +5237,7 @@ The following fields are available:
- **CategoryId** The Item Category ID.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** The result code of the last action performed before this operation.
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Was this requested by a user?
- **IsMandatory** Was this a mandatory update?
@ -5137,6 +5248,7 @@ The following fields are available:
- **PFN** The product family name of the product being installed.
- **ProductId** The identity of the package or packages being installed.
- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled.
- **UpdateId** Update ID (if this is an update)
- **UserAttemptNumber** The total number of user attempts at installation before it was canceled.
- **WUContentId** The Windows Update content ID.
@ -5164,6 +5276,7 @@ The following fields are available:
- **BundleId** The identity of the Windows Insider build that is associated with this product.
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Was this requested by a user?
- **IsMandatory** Is this a mandatory update?
@ -5203,16 +5316,20 @@ The following fields are available:
- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
- **AttemptNumber** The total number of attempts to acquire this product.
- **BundleId** The bundle ID
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** HResult code to show the result of the operation (success/failure).
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Did the user initiate the installation?
- **IsMandatory** Is this a mandatory update?
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this happening after a device restore?
- **IsUpdate** Is this an update?
- **IsWin32** Flag indicating if this is a Win32app.
- **ParentBundledId** The product's parent bundle ID.
- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
- **PFN** Product Family Name of the product being installed.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
@ -5235,16 +5352,19 @@ The following fields are available:
- **DownloadSize** The total size of the download.
- **ExtendedHResult** Any extended HResult error codes.
- **HResult** The result code of the last action performed.
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this initiated by the user?
- **IsMandatory** Is this a mandatory installation?
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this a restore of a previously acquired product?
- **IsUpdate** Is this an update?
- **IsWin32** Flag indicating if this is a Win32 app (unused).
- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
- **PFN** The Product Family Name of the app being download.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The number of attempts by the system to download.
- **UpdateId** Update ID (if this is an update)
- **UserAttemptNumber** The number of attempts by the user to download.
- **WUContentId** The Windows Update content ID.
@ -5280,16 +5400,19 @@ The following fields are available:
- **ClientAppId** The identity of the app that initiated this operation.
- **ExtendedHResult** The extended HResult error code.
- **HResult** The result code of the last action performed.
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this an interactive installation?
- **IsMandatory** Is this a mandatory installation?
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this automatically restoring a previously acquired product?
- **IsUpdate** Is this an update?
- **IsWin32** Flag indicating if this a Win32 app (unused).
- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
- **PFN** Product Family Name of the product being installed.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The total number of system attempts.
- **UpdateId** Update ID (if this is an update)
- **UserAttemptNumber** The total number of user attempts.
- **WUContentId** The Windows Update content ID.
@ -5319,16 +5442,19 @@ The following fields are available:
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** The result code of the last action performed.
- **IntentPFNs** The licensing identity of this package.
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this user requested?
- **IsMandatory** Is this a mandatory update?
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this restoring previously acquired content?
- **IsUpdate** Is this an update?
- **IsWin32** Flag indicating if this a Win32 app (unused).
- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
- **PFN** The name of the package or packages requested for install.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The total number of system attempts.
- **UpdateId** Update ID (if this is an update)
- **UserAttemptNumber** The total number of user attempts.
- **WUContentId** The Windows Update content ID.
@ -5345,6 +5471,7 @@ The following fields are available:
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** The result code of the last action performed.
- **IntentPFNs** The licensing identity of this package.
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this user requested?
- **IsMandatory** Is this a mandatory update?
@ -5414,6 +5541,7 @@ The following fields are available:
- **BundleId** The identity of the build associated with this product.
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **IntentPFNs** The licensing identity of this package.
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this user requested?
- **IsMandatory** Is this a mandatory update?
@ -5443,6 +5571,7 @@ The following fields are available:
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** The result code of the last action performed before this operation.
- **IntentPFNs** Intent Product Family Name
- **IsBundle** Is this a bundle?
- **IsInteractive** Is this user requested?
- **IsMandatory** Is this a mandatory update?
@ -6260,6 +6389,12 @@ This event sends data specific to the FixupEditionId mitigation used for OS Upda
## Windows Update Reserve Manager events
### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
This event returns data about the Update Reserve Manager, including whether its been initialized.
@ -6272,6 +6407,12 @@ This event is sent when the Update Reserve Manager removes a pending hard reserv
### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed.
## Winlogon events
### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon

157
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
View File

@ -1,5 +1,5 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1709.
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
ms.prod: w10
@ -7,14 +7,14 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: dansimp
ms.author: dansimp
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
ms.date: 04/19/2019
ms.reviewer:
ms.date: 01/04/2020
ms.reviewer:
---
@ -33,8 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@ -102,7 +101,7 @@ The following fields are available:
- **HasCitData** Indicates whether the file is present in CIT data.
- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
- **IsAv** Is the file an anti-virus reporting EXE?
- **ResolveAttempted** This will always be an empty string when sending telemetry.
- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
@ -201,7 +200,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -234,7 +233,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -267,7 +266,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -300,7 +299,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
This event sends compatibility database information about the BIOS to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -333,7 +332,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
This event sends compatibility decision data about a file to help keep Windows up-to-date.
This event sends compatibility decision data about a file to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -347,7 +346,7 @@ The following fields are available:
- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
- **NeedsDismissAction** Will the file cause an action that can be dimissed?
- **NeedsDismissAction** Will the file cause an action that can be dismissed?
- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
@ -384,7 +383,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
This event sends compatibility decision data about a PNP device to help keep Windows up to date.
This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -828,7 +827,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events.
### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
@ -895,7 +894,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -970,7 +969,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1005,7 +1004,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1216,7 +1215,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemWlanAdd
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1255,7 +1254,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
The following fields are available:
@ -1266,21 +1265,21 @@ The following fields are available:
- **AuxFinal** Obsolete, always set to false.
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **EnterpriseRun** Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
- **PCFP** An ID for the system calculated by hashing hardware identifiers.
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
- **StoreHandleIsNotNull** Obsolete, always set to false
- **TelementrySent** Indicates if telemetry was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **TelementrySent** Indicates whether diagnostic data was successfully sent.
- **ThrottlingUtc** Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **Time** The client time of the event.
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
@ -1819,7 +1818,7 @@ The following fields are available:
- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
- **op** Represents the ETW Op Code.
- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
- **sqmId** The Windows SQM ID.
- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
- **tickets** An array of strings that refer back to a key in the X-Tickets http header that the client uploaded along with a batch of events.
@ -1914,6 +1913,12 @@ The following fields are available:
- **pendingDecision** Indicates the cause of reboot, if applicable.
### CbsServicingProvider.CbsQualityUpdateInstall
This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
### CbsServicingProvider.CbsSelectableUpdateChangeV2
This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
@ -1965,7 +1970,7 @@ Fired by UTC at startup to signal what data we are allowed to collect.
### TelClientSynthetic.ConnectivityHeartBeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network.
@ -2476,7 +2481,7 @@ The following fields are available:
### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -2650,6 +2655,45 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
This event sends details collected for a specific application on the source device.
The following fields are available:
- **AhaVersion** The binary version of the App Health Analyzer tool.
- **ApplicationErrors** The count of application errors from the event log.
- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit).
- **device_level** Various JRE/JAVA versions installed on a particular device.
- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type.
- **Jar** Flag to determine if an app has a Java JAR file dependency.
- **Jre** Flag to determine if an app has JRE framework dependency.
- **Jre_version** JRE versions an app has declared framework dependency for.
- **Name** Name of the application.
- **NonDPIAware** Flag to determine if an app is non-DPI aware
- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location.
- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution.
- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution.
- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility.
- **VB6** Flag to determine if an app is based on VB6 framework.
- **VB6v2** Additional flag to determine if an app is based on VB6 framework.
- **Version** Version of the application.
- **VersionCheck** Flag to determine if an app has a static dependency on OS version.
- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version.
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events.
The following fields are available:
- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument.
- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable.
- **Enhanced** Indicates the presence of the 'enhanced' command line argument.
- **StartTime** UTC date and time at which this event was sent.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
Invalid variant - Provides data on the installed Office Add-ins
@ -2837,7 +2881,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **BrowserFlags** Browser flags for Office-related products
- **BrowserFlags** Browser flags for Office-related products.
- **ExchangeProviderFlags** Office Exchange provider policies
- **InventoryVersion** The version of the inventory binary generating the events.
- **SharedComputerLicensing** Office Shared Computer Licensing policies
@ -3039,6 +3083,26 @@ The following fields are available:
- **UserInputTime** The amount of time the loader application spent waiting for user input.
## Migration events
### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
This event returns data to track the count of the migration objects across various phases during feature update.
### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
This event returns data about the count of the migration objects across various phases during feature update.
### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
This event returns data to track the count of the migration objects across various phases during feature update.
## OneDrive events
### Microsoft.OneDrive.Sync.Setup.APIOperation
@ -4411,7 +4475,7 @@ The following fields are available:
- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed.
- **ExtendedStatusCode** The secondary status code of the event.
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
@ -5032,7 +5096,13 @@ The following fields are available:
### FacilitatorTelemetry.DCATDownload
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
### FacilitatorTelemetry.DUDownload
This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows.
@ -5044,7 +5114,7 @@ This event determines whether devices received additional or critical supplement
### Setup360Telemetry.Downlevel
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
The following fields are available:
@ -5274,7 +5344,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@ -5293,6 +5363,18 @@ The following fields are available:
- **m** The WaaS (“Workspace as a Service”—cloud-based “workspace”) Assessment Error String.
### Microsoft.Windows.WaaSMedic.RemediationFailed
This event is sent when the WaaS Medic update stack remediation tool fails to apply a described resolution to a problem that is blocking Windows Update from operating correctly on a target device.
The following fields are available:
- **diagnostic** Parameter where the resolution failed.
- **hResult** Error code that resulted from attempting the resolution.
- **isRemediated** Indicates whether the condition was remediated.
- **pluginName** Name of the attempted resolution.
### Microsoft.Windows.WaaSMedic.Summary
This event provides the results of the WaaSMedic diagnostic run
@ -5459,6 +5541,7 @@ The following fields are available:
- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
- **AttemptNumber** The total number of attempts to acquire this product.
- **BundleId** The bundle ID
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** HResult code to show the result of the operation (success/failure).
@ -5468,6 +5551,7 @@ The following fields are available:
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this happening after a device restore?
- **IsUpdate** Is this an update?
- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
- **PFN** Product Family Name of the product being installed.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
@ -6573,6 +6657,7 @@ The following fields are available:
This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
This event returns data about the Update Reserve Manager, including whether its been initialized.

520
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
View File

@ -1,5 +1,5 @@
---
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1803.
description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
ms.prod: w10
@ -7,14 +7,14 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: dansimp
ms.author: dansimp
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
audience: ITPro
ms.date: 04/19/2019
ms.reviewer:
ms.date: 01/04/2020
ms.reviewer:
---
@ -33,7 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@ -135,7 +135,7 @@ The following fields are available:
- **HasCitData** Indicates whether the file is present in CIT data.
- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
- **IsAv** Is the file an antivirus reporting EXE?
- **ResolveAttempted** This will always be an empty string when sent.
- **ResolveAttempted** This will always be an empty string when sending diagnostic data.
- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
@ -234,7 +234,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -267,7 +267,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -300,7 +300,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -333,7 +333,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
This event sends compatibility database information about the BIOS to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -366,7 +366,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
This event sends compatibility decision data about a file to help keep Windows up-to-date.
This event sends compatibility decision data about a file to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -381,7 +381,7 @@ The following fields are available:
- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
- **NeedsDismissAction** Will the file cause an action that can be dimissed?
- **NeedsDismissAction** Will the file cause an action that can be dismissed?
- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
@ -418,7 +418,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
This event sends compatibility decision data about a PNP device to help keep Windows up to date.
This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -865,7 +865,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **AppraiserVersion** The version of the Appraiser file that is generating the events.
- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events.
### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
@ -931,7 +931,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1006,7 +1006,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1041,7 +1041,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1258,7 +1258,7 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.SystemWlanAdd
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -1297,18 +1297,18 @@ The following fields are available:
### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
The following fields are available:
- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run.
- **AppraiserProcess** The name of the process that launched Appraiser.
- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
- **AuxFinal** Obsolete, always set to false.
- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **EnterpriseRun** Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
- **InboxDataVersion** The original version of the data files before retrieving any newer version.
- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated.
@ -1317,14 +1317,14 @@ The following fields are available:
- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime.
- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic.
- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
- **RunResult** The hresult of the Appraiser telemetry run.
- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
- **RunResult** The hresult of the Appraiser diagnostic data run.
- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run.
- **StoreHandleIsNotNull** Obsolete, always set to false
- **TelementrySent** Indicates if telemetry was successfully sent.
- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
- **TelementrySent** Indicates whether diagnostic data was successfully sent.
- **ThrottlingUtc** Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability.
- **Time** The client time of the event.
- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
@ -1391,6 +1391,18 @@ The following fields are available:
- **IEVersion** The version of Internet Explorer that is running on the device.
### Census.Azure
This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets.
The following fields are available:
- **CloudCoreBuildEx** The Azure CloudCore build number.
- **CloudCoreSupportBuildEx** The Azure CloudCore support build number.
- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet.
- **PartA_PrivTags** The privacy tags associated with the event.
### Census.Battery
This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date.
@ -2105,6 +2117,43 @@ The following fields are available:
- **transactionCanceled** Indicates whether the uninstall was cancelled.
### CbsServicingProvider.CbsQualityUpdateInstall
This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
The following fields are available:
- **buildVersion** The build version number of the update package.
- **clientId** The name of the application requesting the optional content.
- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device.
- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure.
- **currentStateEnd** The final state of the package after the operation has completed.
- **doqTimeSeconds** The time in seconds spent updating drivers.
- **executeTimeSeconds** The number of seconds required to execute the install.
- **failureDetails** The driver or installer that caused the update to fail.
- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred.
- **hrStatusEnd** The return code of the install operation.
- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
- **majorVersion** The major version number of the update package.
- **minorVersion** The minor version number of the update package.
- **originalState** The starting state of the package.
- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation.
- **PartA_PrivTags** The privacy tags associated with the event.
- **planTimeSeconds** The time in seconds required to plan the update operations.
- **poqTimeSeconds** The time in seconds processing file and registry operations.
- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update.
- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot.
- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed.
- **rebootCount** The number of reboots required to install the update.
- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update.
- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update.
- **revisionVersion** The revision version number of the update package.
- **rptTimeSeconds** The time in seconds spent executing installer plugins.
- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update.
- **stackRevision** The revision number of the servicing stack.
- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
### CbsServicingProvider.CbsSelectableUpdateChangeV2
This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
@ -2250,7 +2299,7 @@ The following fields are available:
### TelClientSynthetic.ConnectivityHeartbeat_0
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network.
The following fields are available:
@ -3394,7 +3443,7 @@ The following fields are available:
### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@ -3568,6 +3617,50 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
This event sends details collected for a specific application on the source device.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **AhaVersion** The binary version of the App Health Analyzer tool.
- **ApplicationErrors** The count of application errors from the event log.
- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit).
- **device_level** Various JRE/JAVA versions installed on a particular device.
- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type.
- **Jar** Flag to determine if an app has a Java JAR file dependency.
- **Jre** Flag to determine if an app has JRE framework dependency.
- **Jre_version** JRE versions an app has declared framework dependency for.
- **Name** Name of the application.
- **NonDPIAware** Flag to determine if an app is non-DPI aware
- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location.
- **ProgramId** The ID of the associated program.
- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution.
- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution.
- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility.
- **VB6** Flag to determine if an app is based on VB6 framework.
- **VB6v2** Additional flag to determine if an app is based on VB6 framework.
- **Version** Version of the application.
- **VersionCheck** Flag to determine if an app has a static dependency on OS version.
- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version.
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument.
- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable.
- **Enhanced** Indicates the presence of the 'enhanced' command line argument.
- **StartTime** UTC date and time at which this event was sent.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
Provides data on the installed Office Add-ins
@ -3760,10 +3853,10 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
The following fields are available:
- **BrowserFlags** Browser flags for Office-related products
- **ExchangeProviderFlags** Provider policies for Office Exchange
- **BrowserFlags** Browser flags for Office-related products.
- **ExchangeProviderFlags** Provider policies for Office Exchange.
- **InventoryVersion** The version of the inventory binary generating the events.
- **SharedComputerLicensing** Office shared computer licensing policies
- **SharedComputerLicensing** Office shared computer licensing policies.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
@ -3994,6 +4087,215 @@ The following fields are available:
- **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event
## Microsoft Edge events
### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
The following fields are available:
- **app_version** The internal Microsoft Edge build version string.
- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode.
- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
The following fields are available:
- **app_version** The internal Microsoft Edge build version string.
- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode.
- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
The following fields are available:
- **app_version** The internal Microsoft Edge build version string.
- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode.
- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
The following fields are available:
- **app_version** The internal Microsoft Edge build version string.
- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode.
- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date.
The following fields are available:
- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''.
- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update.
- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown).
- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev).
- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown).
- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error).
- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown).
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a <urls> tag.
- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''.
- **appVersion** The version of the product install. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
- **eventType** A string representation of appPingEventEventType indicating the type of the event.
- **hwHasAvx** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''.
- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''.
- **osVersion** The primary version of the operating system. '' if unknown. Default: ''.
- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'.
- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'.
- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''.
- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined.
- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Default: ''.
- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique sessionid. Default: ''.
- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''.
- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''.
### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config
This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
The following fields are available:
- **app_version** The internal Microsoft Edge build version string.
- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
- **Channel** An integer indicating the channel of the installation (Canary or Dev).
- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled.
- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth
- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode.
- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode.
- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full
- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13).
- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level
- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
## Migration events
### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
This event returns data to track the count of the migration objects across various phases during feature update.
### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
This event returns data about the count of the migration objects across various phases during feature update.
### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
This event returns data to track the count of the migration objects across various phases during feature update.
## Miracast events
### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
@ -4937,6 +5239,12 @@ The following fields are available:
## SIH events
### SIHEngineTelemetry.ExecuteAction
This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot.
### SIHEngineTelemetry.SLSActionData
This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated.
@ -5287,28 +5595,111 @@ The following fields are available:
- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed.
- **ExtendedStatusCode** The secondary status code of the event.
- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id)
- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable.
- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
- **RevisionId** Identifies the revision of this specific piece of content
- **RevisionNumber** Identifies the revision number of this specific piece of content
- **RevisionId** The revision ID for a specific piece of content.
- **RevisionNumber** The revision number for a specific piece of content.
- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate.
- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
- **SHA256OfTimestampToken** An encoded string of the timestamp token.
- **SignatureAlgorithm** Hash algorithm for the metadata signature
- **SignatureAlgorithm** The hash algorithm for the metadata signature.
- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast
- **StatusCode** The status code of the event.
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
- **UpdateId** Identifier associated with the specific piece of content
- **UpdateId** The update ID for a specific piece of content.
- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
## Update Assistant events
### Microsoft.Windows.UpdateAssistant.Orchestrator.BlockingEventId
The event sends basic info on the reason that Windows 10 was not updated due to compatibility issues, previous rollbacks, or admin policies.
The following fields are available:
- **ApplicabilityBlockedReason** Blocked due to an applicability issue.
- **BlockWuUpgrades** The upgrade assistant is currently blocked.
- **clientID** An identification of the current release of Update Assistant.
- **CloverTrail** This device is Clovertrail.
- **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed.
- **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3.
- **RS1UninstallActive** Blocked due to an active RS1 uninstall.
- **RS3RollBacks** Exceeded number of allowable RS3 rollbacks.
- **triggerTaskSource** Describe which task launches this instance.
- **WsusManaged** This device is WSUS managed.
- **ZeroExhaust** This device is zero exhaust.
### Microsoft.Windows.UpdateAssistant.Orchestrator.DeniedLaunchEventId
The event sends basic info when a device was blocked or prevented from updating to the latest Windows 10 version.
The following fields are available:
- **clientID** An identification of the current release of Update Assistant.
- **denyReason** All the reasons why the Update Assistant was prevented from launching. Bitmask with values from UpdateAssistant.cpp eUpgradeModeReason.
- **triggerTaskSource** Describe which task launches this instance.
### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedLaunchEventId
Event to mark that Update Assistant Orchestrator failed to launch Update Assistant.
The following fields are available:
- **calendarRun** Standard time-based triggered task.
- **clientID** An identification of the current release of Update Assistant.
- **hResult** Error code of the Update Assistant Orchestrator failure.
- **triggerTaskSource** Describe which task launches this instance.
### Microsoft.Windows.UpdateAssistant.Orchestrator.FailedOneSettingsQueryEventId
Event indicating One Settings was not queried by update assistant.
The following fields are available:
- **clientID** An identification of the current release of Update Assistant.
- **hResult** Error code of One Settings query failure.
### Microsoft.Windows.UpdateAssistant.Orchestrator.LaunchEventId
This event sends basic information on whether the device should be updated to the latest Windows 10 version.
The following fields are available:
- **autoStartRunCount** The auto start run count of Update Assistant.
- **clientID** The ID of the current release of Update Assistant.
- **launchMode** Indicates the type of launch performed.
- **launchTypeReason** A bitmask of all the reasons for type of launch.
- **triggerTaskSource** Indicates which task launches this instance.
### Microsoft.Windows.UpdateAssistant.Orchestrator.RestoreEventId
The event sends basic info on whether the Windows 10 update notification has previously launched.
The following fields are available:
- **clientID** ID of the current release of Update Assistant.
- **restoreReason** All the reasons for the restore.
- **triggerTaskSource** Indicates which task launches this instance.
## Update events
### Update360Telemetry.Revert
@ -5722,7 +6113,7 @@ The following fields are available:
### FacilitatorTelemetry.DCATDownload
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure.
The following fields are available:
@ -5760,7 +6151,7 @@ The following fields are available:
### Setup360Telemetry.Downlevel
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure.
The following fields are available:
@ -6041,7 +6432,7 @@ The following fields are available:
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
@ -6219,6 +6610,7 @@ The following fields are available:
- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
- **AttemptNumber** The total number of attempts to acquire this product.
- **BundleId** The bundle ID
- **CategoryId** The identity of the package or packages being installed.
- **ClientAppId** The identity of the app that initiated this operation.
- **HResult** HResult code to show the result of the operation (success/failure).
@ -6228,6 +6620,7 @@ The following fields are available:
- **IsRemediation** Is this repairing a previous installation?
- **IsRestore** Is this happening after a device restore?
- **IsUpdate** Is this an update?
- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
- **PFN** Product Family Name of the product being installed.
- **ProductId** The Store Product ID for the product being installed.
- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
@ -7169,6 +7562,19 @@ The following fields are available:
- **wuDeviceid** The unique device ID used by Windows Update.
### Microsoft.Windows.Update.Orchestrator.DetectionResult
This event runs when an update is detected. This helps ensure Windows is kept up to date.
The following fields are available:
- **applicableUpdateIdList** A list of applicable update IDs.
- **applicableUpdateList** A list of applicable update names.
- **seekerUpdateIdList** A list of optional update IDs.
- **seekerUpdateList** A list of optional update names.
- **wuDeviceid** The Windows Update device identifier.
### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
This event indicates the reboot was postponed due to needing a display.
@ -7481,6 +7887,32 @@ The following fields are available:
- **wuDeviceid** Unique device ID used by Windows Update.
### Microsoft.Windows.Update.Orchestrator.SeekerUpdateAvailable
This event defines when an optional update is available for the device to help keep Windows up to date.
The following fields are available:
- **flightID** The unique identifier of the Windows Insider build on this device.
- **isFeatureUpdate** Indicates whether the update is a Feature Update.
- **revisionNumber** The revision number of the update.
- **updateId** The GUID (Globally Unique Identifier) of the update.
- **wuDeviceid** The Windows Update device identifier.
### Microsoft.Windows.Update.Orchestrator.SeekUpdate
This event occurs when user initiates "seeker" scan. This helps keep Windows up to date.
The following fields are available:
- **flightID** The ID of the Windows Insider builds on the device.
- **isFeatureUpdate** Indicates that the target of the Seek is a feature update.
- **revisionNumber** The revision number of the update.
- **updateId** The identifier of the update.
- **wuDeviceid** The Windows Update device identifier.
### Microsoft.Windows.Update.Orchestrator.SystemNeeded
This event sends data about why a device is unable to reboot, to help keep Windows up to date.

932
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
View File

File diff suppressed because it is too large Load Diff

10
windows/release-information/resolved-issues-windows-10-1507.yml
View File

@ -35,7 +35,6 @@ sections:
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -64,12 +63,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"

26
windows/release-information/resolved-issues-windows-10-1607.yml
View File

@ -42,11 +42,6 @@ sections:
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='53msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>System Center Virtual Machine Manager cannot enumerate and manage logical switches deployed on managed hosts.<br><br><a href = '#53msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='240msg'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><br>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='221msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#221msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>June 27, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='48msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#48msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -96,27 +91,6 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><div>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of <a href='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a> on the server. Applications that may exhibit&nbsp;this behavior use an <strong>IFRAME </strong>during non-interactive authentication requests and receive <strong>X-Frame Options </strong>set to<strong> </strong>DENY.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>.</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved:<br>July 16, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 04, 2019 <br>05:55 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>Resolved:<br>June 27, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='221msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>.</div><br><a href ='#221msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
</table>
"
- title: March 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='48msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489882\" target=\"_blank\">KB4489882</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#48msg'>Back to top</a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
</table>
"

14
windows/release-information/resolved-issues-windows-10-1709.yml
View File

@ -38,9 +38,6 @@ sections:
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -81,14 +78,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
</table>
"

6
windows/release-information/resolved-issues-windows-10-1803.yml
View File

@ -41,9 +41,6 @@ sections:
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -93,8 +90,5 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
</table>
"

28
windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
View File

@ -42,12 +42,6 @@ sections:
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='245msg'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><br>Devices with some Realtek Bluetooth radios drivers may have issues pairing or connecting to devices.<br><br><a href = '#245msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='210msg'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.<br><br><a href = '#210msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='88msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may terminate the connection.<br><br><a href = '#88msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -106,27 +100,5 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='245msgdesc'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><div>In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#245msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 14, 2019 <br>05:45 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='210msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.&nbsp;</div><br><a href ='#210msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
</table>
"
- title: March 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='88msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#88msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
</table>
"

10
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -38,7 +38,6 @@ sections:
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='229msg'></div><b>Cannot launch Camera app </b><br>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.<br><br><a href = '#229msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
@ -57,10 +56,6 @@ sections:
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='227msg'></div><b>Display brightness may not respond to adjustments</b><br>Devices configured with certain Intel display drivers may experience a driver compatibility issue.<br><br><a href = '#227msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='249msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#249msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='235msg'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><br>Users who update to Windows 10, version 1903 may experience a loss of functionality with Dynabook Smartphone Link.<br><br><a href = '#235msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:54 PM PT</td></tr>
<tr><td><div id='222msg'></div><b>Error attempting to update with external USB device or memory card attached </b><br>PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
<tr><td><div id='230msg'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><br>Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.<br><br><a href = '#230msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -127,7 +122,6 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='249msgdesc'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><div>The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0.&nbsp;You may also receive an error in the<strong> Application section </strong>of <strong>Windows Logs</strong> <strong>in</strong>&nbsp;<strong>Event Viewer&nbsp;</strong>with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.</div><div><br></div><div>This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.</div><div><br></div><div><strong>Affected platforms</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a>.</div><br><a href ='#249msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 28, 2019 <br>05:01 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"
@ -140,11 +134,7 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='229msgdesc'></div><b>Cannot launch Camera app </b><div>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:</div><div class=\"ql-indent-1\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"Close other apps, error code: 0XA00F4243.”</div><div><br></div><div>To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a> and the safeguard hold has been removed.</div><br><a href ='#229msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:20 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='227msgdesc'></div><b>Display brightness may not respond to adjustments</b><div>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.</div><br><a href ='#227msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:56 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='235msgdesc'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><div>Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#235msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:54 PM PT<br><br>Opened:<br>May 24, 2019 <br>03:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='222msgdesc'></div><b>Error attempting to update with external USB device or memory card attached </b><div>If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.</div><div><br></div><div>Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is&nbsp;reassigned a different drive letter (e.g., drive H).</div><div><br></div><div><strong>Note</strong> The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.</div><div><br></div><div>To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#222msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:38 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='230msgdesc'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><div>After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.</div><div>&nbsp;</div><div>This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until&nbsp;this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#230msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:16 AM PT</td></tr>
</table>
"

12
windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -39,8 +39,6 @@ sections:
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='197msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#197msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -81,16 +79,6 @@ sections:
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"
- title: April 2019
- items:
- type: markdown

22
windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -39,9 +39,6 @@ sections:
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='209msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#209msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='155msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#155msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -90,16 +87,6 @@ sections:
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"
- title: April 2019
- items:
- type: markdown
@ -108,12 +95,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='209msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client:&nbsp;Windows 8.1; Windows 7 SP1</li><li>Server:&nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. McAfee has released an automatic update to address this issue.&nbsp;Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a>&nbsp;</li></ul><br><a href ='#209msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>Last updated:<br>August 13, 2019 <br>06:59 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: March 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='155msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489881\" target=\"_blank\">KB4489881</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a>.</div><br><a href ='#155msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
</table>
"

10
windows/release-information/resolved-issues-windows-server-2008-sp2.yml
View File

@ -37,7 +37,6 @@ sections:
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -76,12 +75,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"

24
windows/release-information/resolved-issues-windows-server-2012.yml
View File

@ -37,10 +37,6 @@ sections:
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='246msg'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><br>Some devices and generation 2 Hyper-V VMs may have issues installing some updates when Secure Boot is enabled.<br><br><a href = '#246msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='184msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#184msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -87,23 +83,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='246msgdesc'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><div>Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> or later updates when Secure Boot is enabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If your device is using Security Only updates, this issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4508776\" target=\"_blank\" style=\"\">KB4508776</a>.</div><br><a href ='#246msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 19, 2019 <br>04:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
</table>
"
- title: March 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='184msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489891\" target=\"_blank\">KB4489891</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a>.</div><br><a href ='#184msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1507.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

8
windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

8
windows/release-information/status-windows-10-1709.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

8
windows/release-information/status-windows-10-1803.yml
View File

@ -33,11 +33,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

10
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -33,11 +33,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -64,7 +64,6 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
@ -93,7 +92,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>After installing the optional non-security&nbsp;update (<a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a&nbsp;0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Note</strong> Microsoft Windows Defender Antivirus is not affected by this issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"

44
windows/release-information/status-windows-10-1903.yml
View File

@ -33,11 +33,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -64,14 +64,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -91,33 +85,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='317msgdesc'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><div>Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the <strong>Windows Update</strong> dialog or within U<strong>pdate history</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved for most users. If you are still having issues, please see <a href=\"https://support.microsoft.com/help/4528159\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528159</a>.</div><br><a href ='#317msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>November 12, 2019 <br>08:11 AM PT<br><br>Opened:<br>August 16, 2019 <br>01:41 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
</table>
"

30
windows/release-information/status-windows-10-1909.yml
View File

@ -33,11 +33,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -64,10 +64,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"
@ -86,22 +83,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
</table>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

10
windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -60,7 +60,6 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +78,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/en-us/help/4507457\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507457</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-server-2008-sp2.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:

10
windows/release-information/status-windows-server-2012.yml
View File

@ -29,11 +29,11 @@ sections:
columns: 3
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -60,7 +60,6 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +78,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/help/4507447\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507447</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
"

11
windows/release-information/windows-message-center.yml
View File

@ -23,11 +23,11 @@ sections:
columns: 2
items:
- href: https://aka.ms/how-to-get-1909
html: Get the update >
- href: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/
html: Find out what you need to know >
image:
src: http://docs.microsoft.com/media/common/i_download-install.svg
title: Windows 10, version 1909 now available
src: https://docs.microsoft.com/media/common/i_alert.svg
title: Windows 7 has reached end of support
- href: https://aka.ms/1909mechanics
html: Explore the improvements >
image:
@ -50,6 +50,9 @@ sections:
text: "
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
<tr><td id='382'><a href = 'https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/' target='_blank'><b>Windows 7 has reached end of support</b></a><a class='docon docon-link heading-anchor' aria-labelledby='382' href='#382'></a><br><div>Windows&nbsp;7 reached end of support on January 14, 2020. If your organization has&nbsp;not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read <a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/how-to-get-extended-security-updates-for-eligible-windows/ba-p/917807\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\">Windows lifecycle fact sheet</a>.</div></td><td>January 15, 2020 <br>10:00 AM PT</td></tr>
<tr><td id='379'><a href = 'https://support.microsoft.com/help/4528760' target='_blank'><b>Take action: January 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='379' href='#379'></a><br><div>The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='380'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601' target='_blank'><b>Advisory: Windows CryptoAPI certificate validation vulnerability</b></a><a class='docon docon-link heading-anchor' aria-labelledby='380' href='#380'></a><br><div>On January 14, 2020, Microsoft released security updates to address&nbsp;an<a href=\"&nbsp;elliptic-curve cryptography&nbsp;(\" target=\"_blank\" rel=\"noopener noreferrer\">&nbsp;elliptic-curve cryptography<u>&nbsp;(</u></a>ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10&nbsp;operating system, client and server.&nbsp;While we have not observed an attack exploiting this vulnerability,&nbsp;we recommend that you apply this update to all of your Windows 10 devices&nbsp;with priority. Here is what you need to know:</div><ul><li>If you are running a supported version of Windows&nbsp;10&nbsp;and have automatic updates enabled, you are automatically protected and do not need to take any&nbsp;further&nbsp;action.</li><li>If you are managing updates on behalf of your organization, you should download the latest updates from the&nbsp;<a href=\"https://portal.msrc.microsoft.com/en-us/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Update Guide&nbsp;</a>and apply those updates to your&nbsp;Windows 10 devices and servers&nbsp;as soon as possible.</li></ul><div></div><div>If you are&nbsp;running an <a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" target=\"_blank\" rel=\"noopener noreferrer\">unsupported version of Windows 10</a>, we&nbsp;recommend that you upgrade to the current version of Windows 10 to benefit from the latest security protections.&nbsp;For more information&nbsp;about this vulnerability,&nbsp;see&nbsp;the <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Guidance for&nbsp;CVE-2020-0601</a> and the Microsoft Security Response Center blog, <a href=\"https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\" target=\"_blank\" rel=\"noopener noreferrer\">January 2020 Security Updates: CVE-2020-0601</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week.&nbsp;For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how weve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>

10
windows/security/identity-protection/access-control/security-identifiers.md
View File

@ -289,6 +289,16 @@ Capability Security Identifiers (SIDs) are used to uniquely and immutably identi
All Capability SIDs that the operating system is aware of are stored in the Windows Registry in the path `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities'. Any Capability SID added to Windows by first or third-party applications will be added to this location.
## Examples of registry keys taken from Windows 10, version 1909, 64-bit Enterprise edition
You may see the following registry keys under AllCachedCapabilities:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_DevUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_DevUnlock_Internal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Enterprise
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_General
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Restricted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Windows
All Capability SIDs are prefixed by S-1-15-3
## See also

2
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -86,6 +86,8 @@ You can do this by using either the Control Panel or the Deployment Image Servic
```
dism /image:<WIM file name> /Enable-Feature /FeatureName:IsolatedUserMode
```
> [!NOTE]
> In Windows 10, version 1607 and later, the Isolated User Mode feature has been integrated into the core operating system. Running the command in step 3 above is therefore no longer required.
> [!NOTE]
> You can also add these features to an online image by using either DISM or Configuration Manager.

2
windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
View File

@ -68,3 +68,5 @@ Following are the various deployment guides and models included in this topic:
Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
> [!NOTE]
> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.

6
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
View File

@ -58,6 +58,9 @@ To resolve this issue, the CRL distribution point must be a location that is acc
If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points.
> [!NOTE]
> If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server.
### Windows Server 2016 Domain Controllers
If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers. Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key. What do we mean by adequate? We are glad you asked. Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
@ -335,6 +338,3 @@ Sign-in a workstation with access equivalent to a _domain user_.
If you plan on using certificates for on-premises single-sign on, perform the additional steps in [Using Certificates for On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md).

5
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
View File

@ -118,6 +118,11 @@ Hybrid certificate trust deployments need the device write back feature. Authen
> [!NOTE]
> Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory, and therefore the device writeback is used to update the msDS-KeyCredentialLink on the computer object.
## Provisioning
You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
### Section Checklist ###
> [!div class="checklist"]
> * Azure Active Directory Device writeback

5
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
View File

@ -31,7 +31,7 @@ In hybrid deployments, users register the public portion of their Windows Hello
The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
> [!IMPORTANT]
> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**.
> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. In this case, you should use the pre-created group KeyAdmins in step 3 of the "Group Memberships for the Azure AD Connect Service Account" section of this article.
### Configure Permissions for Key Synchronization
@ -56,9 +56,6 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
1. Open **Active Directory Users and Computers**.
2. Click the **Users** container in the navigation pane.
>[!IMPORTANT]
> If you already have a Windows Server 2016 domain controller in your domain, use the Keyadmins group in the next step, otherwise use the KeyCredential admins group you previously created.
3. Right-click either the **KeyAdmins** or **KeyCredential Admins** in the details pane and click **Properties**.
4. Click the **Members** tab and click **Add**
5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**.

8
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
View File

@ -40,7 +40,7 @@ Hybrid Windows Hello for Business needs two directories: on-premises Active Dire
A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription. The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers. However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 domain controllers at each site where users authenticate using Windows Hello for Business. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers. However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 or later domain controllers at each site where users authenticate using Windows Hello for Business. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
Review these requirements and those from the Windows Hello for Business planning guide and worksheet. Based on your deployment decisions you may need to upgrade your on-premises Active Directory or your Azure Active Directory subscription to meet your needs.
@ -125,7 +125,11 @@ Hybrid Windows Hello for Business deployments can use Azures Multifactor Auth
## Device Registration
Organizations wanting to deploy hybrid key trust need their domain joined devices to register to Azure Active Directory. Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud. This ensures that only approved computers are used with that Azure Active Directory. Each computer registers its identity in Azure Active Directory.
## Provisioning
You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
### Section Checklist

2
windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
View File

@ -196,7 +196,7 @@ Alternatively, you can forcefully trigger automatic certificate enrollment using
Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions.
## Follow the Windows Hello for Business on premises certificate trust deployment guide
## Follow the Windows Hello for Business on premises key trust deployment guide
1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md)
2. Validate and Configure Public Key Infrastructure (*You are here*)
3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md)

31
windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
View File

@ -1,9 +1,9 @@
---
title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10)
title: Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager (Windows 10)
description: Use Configuration Manager to make & deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data.
ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529
ms.reviewer:
keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager
keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager, MEMCM, Microsoft Endpoint Configuration Manager
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
@ -15,26 +15,29 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 05/13/2019
ms.date: 01/09/2020
---
# Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager
# Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
- System Center Configuration Manager
- Microsoft Endpoint Configuration Manager
System Center Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
## Add a WIP policy
After youve installed and set up System Center Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy.
After youve installed and set up Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy.
>[!TIP]
> Review the [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) article before creating a new configuration item to avoid common issues.
**To create a configuration item for WIP**
1. Open the System Center Configuration Manager console, click the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
1. Open the Configuration Manager console, click the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
![System Center Configuration Manager, Configuration Items screen](images/wip-sccm-addpolicy.png)
![Configuration Manager, Configuration Items screen](images/wip-sccm-addpolicy.png)
2. Click the **Create Configuration Item** button.<p>
The **Create Configuration Item Wizard** starts.
@ -43,7 +46,7 @@ The **Create Configuration Item Wizard** starts.
3. On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
4. In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use System Center Configuration Manager for device management, and then click **Next**.
4. In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use Configuration Manager for device management, and then click **Next**.
- **Settings for devices managed with the Configuration Manager client:** Windows 10
@ -62,7 +65,7 @@ The **Create Configuration Item Wizard** starts.
The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization.
## Add app rules to your policy
During the policy-creation process in System Center Configuration Manager, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file.
@ -295,9 +298,9 @@ For this example, were going to add an AppLocker XML file to the **App Rules*
</RuleCollection>
</AppLockerPolicy>
```
12. After youve created your XML file, you need to import it by using System Center Configuration Manager.
12. After youve created your XML file, you need to import it by using Configuration Manager.
**To import your Applocker policy file app rule using System Center Configuration Manager**
**To import your Applocker policy file app rule using Configuration Manager**
1. From the **App rules** area, click **Add**.
The **Add app rule** box appears.
@ -506,3 +509,5 @@ After youve created your WIP policy, you'll need to deploy it to your organiz
- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
- [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)

111
windows/security/threat-protection/TOC.md
View File

@ -121,6 +121,7 @@
##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
@ -129,7 +130,7 @@
##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Stream advanced hunting events to Azure Event Hubs](microsoft-defender-atp/raw-data-export-event-hub.md)
#### [Custom detections]()
##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
@ -137,8 +138,6 @@
### [Management and APIs]()
#### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
#### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
#### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
### [Integrations]()
#### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
@ -362,15 +361,15 @@
###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API]()
##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
##### [Get started with Microsoft Defender ATP APIs]()
###### [Introduction](microsoft-defender-atp/apis-intro.md)
###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
###### [Access the Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
###### [Hello World](microsoft-defender-atp/api-hello-world.md)
###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
###### [Get partner application access](microsoft-defender-atp/exposed-apis-create-app-partners.md)
##### [APIs]()
##### [Microsoft Defender ATP APIs Schema]()
###### [Supported Microsoft Defender ATP APIs](microsoft-defender-atp/exposed-apis-list.md)
###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
@ -408,7 +407,12 @@
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
###### [Automated Investigation]()
####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
###### [Indicators]()
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
@ -444,14 +448,14 @@
###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#### [Windows updates (KB) info]()
##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#### [Raw data streaming API]()
##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md)
##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md)
##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md)
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [Pull detections to your SIEM tools]()
#### [SIEM integration]()
##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md)
@ -460,6 +464,7 @@
##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
#### [Reporting]()
##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
@ -486,45 +491,55 @@
###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
#### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md)
## [Partner integration scenarios]()
### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md)
### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md)
### [Become a Microsoft Defender ATP partner](microsoft-defender-atp/get-started-partner-integration.md)
## [Configure Microsoft threat protection integration]()
### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
## [Configure portal settings]()
### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
### [General]()
#### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
#### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
#### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
#### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
#### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
### [Permissions]()
#### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
#### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
##### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
### [APIs]()
#### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
#### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
### [Rules]()
#### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
#### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
#### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
#### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
### [Machine management]()
#### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
#### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
### [Configure Microsoft threat protection integration]()
#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
### [Configure portal settings]()
#### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
#### [General]()
##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
#### [Permissions]()
##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [APIs]()
##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
#### [Rules]()
##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
#### [Machine management]()
##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
#### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
## [Troubleshoot Microsoft Defender ATP]()

1
windows/security/threat-protection/auditing/event-4771.md
View File

@ -184,6 +184,7 @@ The most common values:
| 2 | PA-ENC-TIMESTAMP | This is a normal type for standard password authentication. |
| 11 | PA-ETYPE-INFO | The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 15 | PA-PK-AS-REP\_OLD | Used for Smart Card logon authentication. |
| 16 | PA-PK-AS-REQ | Request sent to KDC in Smart Card authentication scenarios.|
| 17 | PA-PK-AS-REP | This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen. |
| 19 | PA-ETYPE-INFO2 | The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 20 | PA-SVR-REFERRAL-INFO | Used in KDC Referrals tickets. |

5
windows/security/threat-protection/auditing/event-4912.md
View File

@ -126,8 +126,9 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- **Subcategory** \[Type = UnicodeString\]**:** the name of auditing subcategory which state was changed. Possible values:
| Audit Credential Validation | Audit Process Termination | Audit Other Logon/Logoff Events |
| Value | Value | Value |
|------------------------------------------|----------------------------------------------|--------------------------------------|
| Audit Credential Validation | Audit Process Termination | Audit Other Logon/Logoff Events |
| Audit Kerberos Authentication Service | Audit RPC Events | Audit Special Logon |
| Audit Kerberos Service Ticket Operations | Audit Detailed Directory Service Replication | Audit Application Generated |
| Audit Other Logon/Logoff Events | Audit Directory Service Access | Audit Certification Services |
@ -145,7 +146,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
| Audit Policy Change | Audit Non-Sensitive Privilege Use | Audit System Integrity |
| Audit Authentication Policy Change | Audit Sensitive Privilege Use | Audit PNP Activity |
| Audit Authorization Policy Change | Audit Other Privilege Use Events | |
| Group Membership | Audit Network Policy Server | |
| Audit Group Membership | Audit Network Policy Server | |
- **Subcategory GUID** \[Type = GUID\]**:** the unique GUID of changed subcategory.

BIN
windows/security/threat-protection/images/securityrecs-tamperprotect.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

45
windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
View File

@ -18,10 +18,19 @@ ms.topic: article
# Add or Remove Machine Tags API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Adds or remove tag to a specific [Machine](machine.md).
## Limitations
1. You can post on machines last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
This API adds or remove tag to a specific machine.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -77,34 +86,4 @@ Content-type: application/json
"Action": "Add"
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
```
- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
View File

@ -26,7 +26,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).

59
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md Normal file
View File

@ -0,0 +1,59 @@
---
title: DeviceFileCertificateInfoBeta table in the advanced hunting schema
description: Learn about file signing information in the DeviceFileCertificateInfoBeta table of the advanced hunting schema
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfoBeta
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: lomayor
author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 01/14/2020
---
# DeviceFileCertificateInfoBeta
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
The `DeviceFileCertificateInfoBeta` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
| `Timestamp` | datetime | Date and time when the event was recorded
| `DeviceId` | string | Unique identifier for the machine in the service
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to
| `IsSigned` | boolean | Indicates whether the file is signed
| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
| `Signer` | string | Information about the signer of the file
| `SignerHash` | string | Unique hash value identifying the signer
| `Issuer` | string | Information about the issuing certificate authority (CA)
| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
| `CrlDistributionPointUrls` | string | URL of the network share that contains certificates and the certificate revocation list (CRL)
| `CertificateCreationTime` | datetime | Date and time the certificate was created
| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-schema-reference.md)

6
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
View File

@ -23,8 +23,7 @@ ms.date: 10/08/2019
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> [!TIP]
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query.
@ -141,5 +140,4 @@ For detailed information about the query language, see [Kusto query language doc
- [Understand the schema](advanced-hunting-schema-reference.md)
- [Apply query best practices](advanced-hunting-best-practices.md)
> [!TIP]
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)

3
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
View File

@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/08/2019
ms.date: 01/14/2020
---
# Understand the advanced hunting schema
@ -47,6 +47,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| **[DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md)** | Sign-ins and other authentication events |
| **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events |
| **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
| **[DeviceFileCertificateInfoBeta](advanced-hunting-devicefilecertificateinfobeta-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints |
| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |

32
windows/security/threat-protection/microsoft-defender-atp/alerts.md
View File

@ -27,6 +27,7 @@ Method |Return Type |Description
:---|:---|:---
[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
[Update alert](get-alerts.md) | [Alert](update-alert.md) | Update specific [alert](alerts.md).
[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
[List related files](get-alert-related-files-info.md) | [File](files.md) collection | List the [file](files.md) entities that are associated with the [alert](alerts.md).
@ -59,19 +60,8 @@ detectionSource | String | Detection source.
threatFamilyName | String | Threat family.
machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time.
alertFiles | List of Alert Files | **This list will be populated on $expand option, see example below** Alert File is an object that contains: sha1, sha256, filePath and fileName.
alertIPs | List of Alert IPs | **This list will be populated on $expand option, see example below** Alert IP is an object that contains: ipAddress string field.
alertDomains | List of Alert Domains | **This list will be populated on $expand option, see example below** Alert Domain is an object that contains: host string field.
## JSON representation:
- When querying for alert list the regular way (without expand option, e.g. /api/alerts) the expandable properties will not get populated (empty lists)
- To expand expandable properties use $expand option (e.g. to expand all send /api/alerts?$expand=files,ips,domains).
- When querying single alert all expandable properties will be expanded.
- Check out [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) for more OData examples.
### Response example for getting single alert:
```
@ -83,12 +73,12 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
"id": "da637084217856368682_-292920499",
"incidentId": 66860,
"investigationId": 4416234,
"investigationState": "Running",
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "New",
"classification": "TruePositive",
"determination": null,
"investigationState": "Running",
"detectionSource": "WindowsDefenderAtp",
"category": "CommandAndControl",
"threatFamilyName": null,
@ -106,24 +96,6 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
"createdBy": "secop@contoso.com",
"createdTime": "2019-11-05T14:08:37.8404534Z"
}
],
"alertFiles": [
{
"sha1": "77e862797dd525fd3e9c3058153247945d0d4cfd",
"sha256": "c05823562aee5e6d000b0e041197d5b8303f5aa4eecb49820879b705c926e16e",
"filePath": "C:\\Users\\test1212\\AppData\\Local\\Temp\\nsf61D3.tmp.exe",
"fileName": "nsf61D3.tmp.exe"
}
],
"alertDomains": [
{
"host": "login.bullguard.com"
}
],
"alertIps": [
{
"ipAddress": "91.231.212.53"
}
]
}
```

4
windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
View File

@ -1,5 +1,5 @@
---
title: Microsoft Defender Advanced Threat Protection API overview
title: Access the Microsoft Defender Advanced Threat Protection APIs
ms.reviewer:
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Microsoft Defender ATP API overview
# Access the Microsoft Defender Advanced Threat Protection APIs
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

34
windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
View File

@ -18,11 +18,19 @@ ms.topic: article
---
# Collect investigation package API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Collect investigation package from a machine.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -74,25 +82,3 @@ Content-type: application/json
"Comment": "Collect forensics due to alert 1234"
}
```
**Response**
Here is an example of the response.
```
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
"id": "c9042f9b-8483-4526-87b5-35e4c2532223",
"type": "CollectInvestigationPackage",
"requestor": "Analyst@contoso.com",
"requestorComment": " Collect forensics due to alert 1234",
"status": "InProgress",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"creationDateTimeUtc": "2018-12-04T12:09:24.1785079Z",
"lastUpdateTimeUtc": "2018-12-04T12:09:24.1785079Z",
"relatedFileInfo": null
}
```

11
windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/16/2017
---
# Pull detections to your SIEM tools
@ -56,13 +55,3 @@ Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections using
For more information, see [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md).
## In this section
Topic | Description
:---|:---
[Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
[Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)| Learn about installing the REST API Modular Input App and other configuration settings to enable Splunk to pull Microsoft Defender ATP detections.
[Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Microsoft Defender ATP detections.
[Microsoft Defender ATP Detection fields](api-portal-mapping.md) | Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center.
[Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md) | Use the Client credentials OAuth 2.0 flow to pull detections from Microsoft Defender ATP using REST API.
[Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) | Address issues you might encounter when using the SIEM integration feature.

15
windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
View File

@ -16,13 +16,24 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Create alert from event API
# Create alert API
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert.
## API description
Creates new [Alert](alerts.md).
<br>Microsoft Defender ATP Event is a required parameter for the alert creation.
<br>You can use an event found in Advanced Hunting API or Portal.
<br>If there existing an open alert on the same Machine with the same Title, the new created alert will be merged with it.
<br>An automatic investigation starts automatically on alerts created via the API.
## Limitations
1. Rate limitations for this API are 15 calls per minute.
## Permissions

25
windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
View File

@ -18,15 +18,18 @@ ms.topic: article
# Delete Indicator API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
>[!Note]
> Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
## API description
Deletes an [Indicator](ti-indicator.md) entity by ID.
- Deletes an Indicator entity by ID.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -66,15 +69,5 @@ If Indicator with the specified id was not found - 404 Not Found.
Here is an example of the request.
```
DELETE https://api.securitycenter.windows.com/api/indicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
```
**Response**
Here is an example of the response.
```
HTTP/1.1 204 NO CONTENT
DELETE https://api.securitycenter.windows.com/api/indicators/995
```

2
windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
View File

@ -130,7 +130,7 @@ h. Select **Manage > Assignments**. In the **Include** tab, select *
In terminal, run:
```bash
mdatp --edr --earlypreview true
mdatp --edr --early-preview true
```
For versions earlier than 100.78.0, run:

221
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
View File

@ -51,25 +51,25 @@ Content-type: application/json
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "ExampleTag" ]
},
.
.
.
...
]
}
```
@ -79,7 +79,7 @@ Content-type: application/json
- Get all the alerts that created after 2018-10-20 00:00:00
```
HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime gt 2018-11-22T00:00:00Z
HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime+gt+2018-11-22T00:00:00Z
```
**Response:**
@ -91,28 +91,35 @@ Content-type: application/json
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"value": [
{
"id": "121688558380765161_2136280442",
"incidentId": 7696,
"assignedTo": "secop@contoso.com",
"severity": "High",
"status": "New",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
"firstEventTime": "2018-11-26T16:17:50.0948658Z",
"lastEventTime": "2018-11-26T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
"id": "da637084217856368682_-292920499",
"incidentId": 66860,
"investigationId": 4416234,
"investigationState": "Running",
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "New",
"classification": "TruePositive",
"determination": null,
"detectionSource": "WindowsDefenderAtp",
"category": "CommandAndControl",
"threatFamilyName": null,
"title": "Network connection to a risky host",
"description": "A network connection was made to a risky host which has exhibited malicious activity.",
"alertCreationTime": "2019-11-03T23:49:45.3823185Z",
"firstEventTime": "2019-11-03T23:47:16.2288822Z",
"lastEventTime": "2019-11-03T23:47:51.2966758Z",
"lastUpdateTime": "2019-11-03T23:55:52.6Z",
"resolvedTime": null,
"machineId": "986e5df8b73dacd43c8917d17e523e76b13c75cd",
"comments": [
{
"comment": "test comment for docs",
"createdBy": "secop@contoso.com",
"createdTime": "2019-11-05T14:08:37.8404534Z"
}
]
},
.
.
.
...
]
}
```
@ -122,7 +129,7 @@ Content-type: application/json
- Get all the machines with 'High' 'RiskScore'
```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore eq 'High'
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High'
```
**Response:**
@ -135,25 +142,25 @@ Content-type: application/json
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "ExampleTag" ]
},
.
.
.
...
]
}
```
@ -163,7 +170,7 @@ Content-type: application/json
- Get top 100 machines with 'HealthStatus' not equals to 'Active'
```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100
```
**Response:**
@ -176,25 +183,25 @@ Content-type: application/json
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "ImpairedCommunication",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "ExampleTag" ]
},
.
.
.
...
]
}
```
@ -217,25 +224,25 @@ Content-type: application/json
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "ImpairedCommunication",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "ExampleTag" ]
},
.
.
.
...
]
}
```
@ -245,7 +252,7 @@ Content-type: application/json
- Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
```
HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
```
**Response:**
@ -257,19 +264,19 @@ Content-type: application/json
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
"value": [
{
"id": "5c3e3322-d993-1234-1111-dfb136ebc8c5",
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
"type": "RunAntiVirusScan",
"requestor": "Analyst@examples.onmicrosoft.com",
"requestorComment": "1533",
"scope": "Full",
"requestor": "Analyst@contoso.com",
"requestorComment": "Check machine for viruses due to alert 3212",
"status": "Succeeded",
"machineId": "123321c10e44a82877af76b1d0161a17843f688a",
"creationDateTimeUtc": "2018-11-12T13:33:24.5755657Z",
"lastUpdateDateTimeUtc": "2018-11-12T13:34:32.0319826Z",
"relatedFileInfo": null
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
"relatedFileInfo": null
},
.
.
.
...
]
}
```

36
windows/security/threat-protection/microsoft-defender-atp/files.md
View File

@ -17,9 +17,10 @@ ms.topic: article
---
# File resource type
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Represent a file entity in Microsoft Defender ATP.
@ -37,11 +38,10 @@ Property | Type | Description
:---|:---|:---
sha1 | String | Sha1 hash of the file content
sha256 | String | Sha256 hash of the file content
md5 | String | md5 hash of the file content
globalPrevalence | Integer | File prevalence across organization
globalPrevalence | Nullable long | File prevalence across organization
globalFirstObserved | DateTimeOffset | First time the file was observed.
globalLastObserved | DateTimeOffset | Last time the file was observed.
size | Integer | Size of the file.
size | Nullable long | Size of the file.
fileType | String | Type of the file.
isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.)
filePublisher | String | File publisher.
@ -50,3 +50,29 @@ signer | String | File signer.
issuer | String | File issuer.
signerHash | String | Hash of the signing certificate.
isValidCertificate | Boolean | Was signing certificate successfully verified by Microsoft Defender ATP agent.
determinationType | String | The determination type of the file.
determinationValue | String | Determination value.
## Json representation
```json
{
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
"globalPrevalence": 180022,
"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
"size": 22139496,
"fileType": "APP",
"isPeFile": true,
"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
"fileProductName": "EaseUS MobiSaver for Android",
"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
"issuer": "VeriSign Class 3 Code Signing 2010 CA",
"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
"isValidCertificate": false,
"determinationType": "Pua",
"determinationValue": "PUA:Win32/FusionCore"
}
```

48
windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
View File

@ -18,13 +18,19 @@ ms.topic: article
# Find machines by internal IP API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
The given timestamp must be in the past 30 days.
## API description
Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
## Limitations
1. The given timestamp must be in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -70,37 +76,5 @@ Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-09-22T08:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "10.248.240.38",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
]
}
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
```

57
windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get alert information by ID API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves specific [Alert](alerts.md) by its ID.
## Limitations
1. You can get alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves an alert by its ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -56,46 +64,3 @@ Empty
## Response
If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
## Example
**Request**
Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
```
**Response**
Here is an example of the response.
```
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"id": "441688558380765161_2136280442",
"incidentId": 8633,
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "InProgress",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
"lastEventTime": "2018-11-25T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
}
```

16
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
View File

@ -18,12 +18,20 @@ ms.topic: article
# Get alert related domain information API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves all domains related to a specific alert.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,7 +87,11 @@ Content-type: application/json
"value": [
{
"host": "www.example.com"
},
{
"host": "www.example2.com"
}
...
]
}

44
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
View File

@ -18,12 +18,20 @@ ms.topic: article
# Get alert related files information API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves all files related to a specific alert.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,23 +87,25 @@ Content-type: application/json
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
"value": [
{
"sha1": "654f19c41d9662cf86be21bf0af5a88c38c56a9d",
"sha256": "2f905feec2798cee6f63da2c26758d86bfeaab954c01e20ac7085bf55fedde87",
"md5": "82849dc81d94056224445ea73dc6153a",
"globalPrevalence": 33,
"globalFirstObserved": "2018-07-17T18:17:27.5909748Z",
"globalLastObserved": "2018-08-06T16:07:12.9414137Z",
"windowsDefenderAVThreatName": null,
"size": 801112,
"fileType": "PortableExecutable",
"sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",
"sha256": "dcd71ef5fff4362a9f64cf3f96f14f2b11d6f428f3badbedcb9ff3361e7079aa",
"md5": "8d5b7cc9a832e21d22503057e1fec8e9",
"globalPrevalence": 29,
"globalFirstObserved": "2019-03-23T23:54:06.0135204Z",
"globalLastObserved": "2019-04-23T00:43:20.0489831Z",
"size": 113984,
"fileType": null,
"isPeFile": true,
"filePublisher": null,
"fileProductName": null,
"signer": "Microsoft Windows",
"issuer": "Microsoft Development PCA 2014",
"signerHash": "9e284231a4d1c53fc8d4492b09f65116bf97447f",
"isValidCertificate": true
"filePublisher": "Microsoft Corporation",
"fileProductName": "Microsoft® Windows® Operating System",
"signer": "Microsoft Corporation",
"issuer": "Microsoft Code Signing PCA",
"signerHash": "9dc17888b5cfad98b3cb35c1994e96227f061675",
"isValidCertificate": true,
"determinationType": "Unknown",
"determinationValue": null
}
...
]
}
```

15
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
View File

@ -16,14 +16,22 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Get alert related IP information API
# Get alert related IPs information API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves all IPs related to a specific alert.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,6 +93,7 @@ Content-type: application/json
{
"id": "23.203.232.228
}
...
]
}

19
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get alert related machine information API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves [Machine](machine.md) related to a specific alert.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves machine that is related to a specific alert.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,15 +93,16 @@ Content-type: application/json
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]

29
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get alert related user information API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves the User related to a specific alert.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves the user associated to a specific alert.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -80,13 +88,16 @@ Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
"id": "contoso\\user1",
"firstSeen": "2018-08-02T00:00:00Z",
"lastSeen": "2018-08-04T00:00:00Z",
"mostPrevalentMachineId": null,
"leastPrevalentMachineId": null,
"accountName": "user1",
"accountDomain": "contoso",
"accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
"firstSeen": "2019-12-08T06:33:39Z",
"lastSeen": "2020-01-05T06:58:34Z",
"mostPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
"leastPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
"logonTypes": "Network",
"logOnMachinesCount": 3,
"logOnMachinesCount": 1,
"isDomainAdmin": false,
"isOnlyNetworkUser": null
"isOnlyNetworkUser": false
}
```

22
windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
View File

@ -22,13 +22,19 @@ ms.topic: article
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of Alerts.
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```incidentId```, ```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
Supports [OData V4 queries](https://www.odata.org/documentation/).
The OData's Filter query is supported on: "alertCreationTime", "incidentId", "InvestigationId", "status", "severity" and "category".
## Limitations
1. You can get alerts last updated in the past 30 days.
2. Maximum page size is 10,000.
3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -50,10 +56,6 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
GET /api/alerts
```
## Optional query parameters
Method supports $top, $select, $filter, $expand and $skip query parameters.
<br>$expand is available on Files, IPs and Domains. e.g. $expand=files,domains
## Request headers
Name | Type | Description
@ -120,11 +122,9 @@ Here is an example of the response.
"createdBy": "secop@contoso.com",
"createdTime": "2019-11-05T14:08:37.8404534Z"
}
],
"alertFiles": [],
"alertDomains": [],
"alertIps": []
]
}
...
]
}
```

1
windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
View File

@ -15,6 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ROBOTS: NOINDEX
---
# Get CVE-KB map API

69
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get domain related alerts API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of [Alerts](alerts.md) related to a given domain address.
## Limitations
1. You can query on alerts last updated in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves a collection of alerts related to a given domain address.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -68,58 +76,3 @@ Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
"value": [
{
"id": "441688558380765161_2136280442",
"incidentId": 8633,
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "InProgress",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
"lastEventTime": "2018-11-25T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
},
{
"id": "121688558380765161_2136280442",
"incidentId": 4123,
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "InProgress",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
"firstEventTime": "2018-11-24T16:17:50.0948658Z",
"lastEventTime": "2018-11-24T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
}
]
}
```

67
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
View File

@ -17,10 +17,20 @@ ms.topic: article
---
# Get domain related machines API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Retrieves a collection of machines that have communicated to or from a given domain address.
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
## Limitations
1. You can query on machines last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -68,54 +78,3 @@ Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
{
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
"computerDnsName": "mymachine2.contoso.com",
"firstSeen": "2018-07-09T13:22:45.1250071Z",
"lastSeen": "2018-07-09T13:22:45.1250071Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "192.168.12.225",
"lastExternalIpAddress": "79.183.65.82",
"agentVersion": "10.5820.17724.1000",
"osBuild": 17724,
"healthStatus": "Inactive",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
]
}
```

14
windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
View File

@ -18,10 +18,18 @@ ms.topic: article
# Get domain statistics API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves the statistics on the given domain.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves the prevalence for the given domain.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

51
windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
View File

@ -17,10 +17,19 @@ ms.topic: article
---
# Get file information API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Retrieves a file by identifier Sha1, Sha256, or MD5.
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a [File](files.md) by identifier Sha1, or Sha256
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -62,7 +71,7 @@ Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1
GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
```
**Response**
@ -74,22 +83,22 @@ Here is an example of the response.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
"sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
"sha256": "d4447dffdbb2889b4b4e746b0bc882df1b854101614b0aa83953ef3cb66904cf",
"md5": "7f05a371d2beffb3784fd2199f81d730",
"globalPrevalence": 7329,
"globalFirstObserved": "2018-04-08T05:50:29.4459725Z",
"globalLastObserved": "2018-08-07T23:35:11.1361328Z",
"windowsDefenderAVThreatName": null,
"size": 391680,
"fileType": "PortableExecutable",
"isPeFile": true,
"filePublisher": null,
"fileProductName": null,
"signer": null,
"issuer": null,
"signerHash": null,
"isValidCertificate": null
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
"globalPrevalence": 180022,
"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
"size": 22139496,
"fileType": "APP",
"isPeFile": true,
"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
"fileProductName": "EaseUS MobiSaver for Android",
"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
"issuer": "VeriSign Class 3 Code Signing 2010 CA",
"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
"isValidCertificate": false,
"determinationType": "Pua",
"determinationValue": "PUA:Win32/FusionCore"
}
```

46
windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
View File

@ -18,12 +18,19 @@ ms.topic: article
# Get file related alerts API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of alerts related to a given file hash.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,38 +76,3 @@ Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"value": [
{
"id": "121688558380765161_2136280442",
"incidentId": 7696,
"assignedTo": "secop@contoso.com",
"severity": "High",
"status": "New",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
"firstEventTime": "2018-11-26T16:17:50.0948658Z",
"lastEventTime": "2018-11-26T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
}
]
}
```

62
windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
View File

@ -18,11 +18,18 @@ ms.topic: article
# Get file related machines API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of [Machines](machine.md) related to a given file hash.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
- Retrieves a collection of machines related to a given file hash.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,52 +76,3 @@ Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
"value": [
{
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"riskScore": "Low",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
{
"id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
"computerDnsName": "mymachine2.contoso.com",
"firstSeen": "2018-07-09T13:22:45.1250071Z",
"lastSeen": "2018-07-09T13:22:45.1250071Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "192.168.12.225",
"lastExternalIpAddress": "79.183.65.82",
"agentVersion": "10.5820.17724.1000",
"osBuild": 17724,
"healthStatus": "Inactive",
"rbacGroupId": 140,
"riskScore": "Low",
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
]
}
```

29
windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
View File

@ -18,11 +18,18 @@ ms.topic: article
# Get file statistics API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves the statistics for the given file.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves the prevalence for the given file.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -64,7 +71,7 @@ Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/stats
GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
```
**Response**
@ -77,13 +84,15 @@ HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
"sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
"orgPrevalence": "3",
"orgFirstSeen": "2018-07-15T06:13:59Z",
"orgLastSeen": "2018-08-03T16:45:21Z",
"sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
"orgPrevalence": "14850",
"orgFirstSeen": "2019-12-07T13:44:16Z",
"orgLastSeen": "2020-01-06T13:39:36Z",
"globalPrevalence": "705012",
"globalFirstObserved": "2015-03-19T12:20:07.3432441Z",
"globalLastObserved": "2020-01-06T13:39:36Z",
"topFileNames": [
"chrome_1.exe",
"chrome_2.exe"
"MREC.exe"
]
}

110
windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md Normal file
View File

@ -0,0 +1,110 @@
---
title: List Investigations API
description: Use this API to create calls related to get Investigations collection
keywords: apis, graph api, supported apis, Investigations collection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List Investigations API
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of [Investigations](investigation.md).
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's ```$filter``` query is supported on: ```startTime```, ```state```, ```machineId``` and ```triggeringAlertId``` properties.
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
## Limitations
1. Maximum page size is 10,000.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Alert.Read.All | 'Read all alerts'
Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
## HTTP request
```
GET https://api.securitycenter.windows.com/api/investigations
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Example
**Request**
Here is an example of a request to get all investigations:
```
GET https://api.securitycenter.windows.com/api/investigations
```
**Response**
Here is an example of the response:
```
HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations",
"value": [
{
"id": "63017",
"startTime": "2020-01-06T14:11:34Z",
"endTime": null,
"state": "Running",
"cancelledBy": null,
"statusDetails": null,
"machineId": "a69a22debe5f274d8765ea3c368d00762e057b30",
"computerDnsName": "desktop-gtrcon0",
"triggeringAlertId": "da637139166940871892_-598649278"
}
...
]
}
```

66
windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md Normal file
View File

@ -0,0 +1,66 @@
---
title: Get Investigation object API
description: Use this API to create calls related to get Investigation object
keywords: apis, graph api, supported apis, Investigation object
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get Investigation API
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves specific [Investigation](investigation.md) by its ID.
<br> ID can be the investigation ID or the investigation triggering alert ID.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Alert.Read.All | 'Read all alerts'
Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.Read | 'Read alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
## HTTP request
```
GET https://api.securitycenter.windows.com/api/investigations/{id}
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200, Ok response code with a [Investigations](investigation.md) entity.

48
windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
View File

@ -18,12 +18,19 @@ ms.topic: article
# Get IP related alerts API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of alerts related to a given IP address.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,39 +76,4 @@ Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"value": [
{
"id": "441688558380765161_2136280442",
"incidentId": 8633,
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "InProgress",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
"lastEventTime": "2018-11-25T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
}
]
}
```
```

13
windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
View File

@ -18,11 +18,18 @@ ms.topic: article
# Get IP statistics API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves the statistics for the given IP.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves the prevalence for the given IP.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

2
windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
View File

@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/07/2018
ROBOTS: NOINDEX
---
# Get KB collection API

40
windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get machine by ID API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves specific [Machine](machine.md) by its machine ID or computer name.
## Limitations
1. You can get machines last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves a machine entity by ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -83,20 +91,22 @@ Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine",
"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"computerDnsName": "mymachine1.contoso.com",
"firstSeen": "2018-08-02T14:55:03.7791856Z",
"lastSeen": "2018-08-02T14:55:03.7791856Z",
"osPlatform": "Windows10",
"osVersion": "10.0.0.0",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"agentVersion": "10.5830.18209.1001",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"osPlatform": "Windows10",
"version": "1709",
"osProcessor": "x64",
"lastIpAddress": "172.17.230.209",
"lastExternalIpAddress": "167.220.196.71",
"osBuild": 18209,
"healthStatus": "Active",
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"riskScore": "Low",
"exposureLevel": "Medium",
"isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}

45
windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
View File

@ -18,11 +18,19 @@ ms.topic: article
# Get machine log on users API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves a collection of logged on users on a specific machine.
## Limitations
1. You can query on machines last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Retrieves a collection of logged on users.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -81,26 +89,19 @@ Content-type: application/json
"value": [
{
"id": "contoso\\user1",
"firstSeen": "2018-08-02T00:00:00Z",
"lastSeen": "2018-08-04T00:00:00Z",
"mostPrevalentMachineId": null,
"leastPrevalentMachineId": null,
"logonTypes": "Network",
"logOnMachinesCount": 3,
"isDomainAdmin": false,
"isOnlyNetworkUser": null
"accountName": "user1",
"accountDomain": "contoso",
"accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
"firstSeen": "2019-12-18T08:02:54Z",
"lastSeen": "2020-01-06T08:01:48Z",
"mostPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
"leastPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
"logonTypes": "Interactive",
"logOnMachinesCount": 8,
"isDomainAdmin": true,
"isOnlyNetworkUser": false
},
{
"id": "contoso\\user2",
"firstSeen": "2018-08-02T00:00:00Z",
"lastSeen": "2018-08-05T00:00:00Z",
"mostPrevalentMachineId": null,
"leastPrevalentMachineId": null,
"logonTypes": "Network",
"logOnMachinesCount": 3,
"isDomainAdmin": false,
"isOnlyNetworkUser": null
}
...
]
}
```

66
windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
View File

@ -17,13 +17,20 @@ ms.topic: article
---
# Get machine related alerts API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Retrieves a collection of alerts related to a given machine ID.
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves all [Alerts](alerts.md) related to a specific machine.
## Limitations
1. You can query on machines last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
@ -54,52 +61,3 @@ Empty
## Response
If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
## Example
**Request**
Here is an example of the request.
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/alerts
```
**Response**
Here is an example of the response.
```
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"value": [
{
"id": "441688558380765161_2136280442",
"incidentId": 8633,
"assignedTo": "secop@contoso.com",
"severity": "Low",
"status": "InProgress",
"classification": "TruePositive",
"determination": "Malware",
"investigationState": "Running",
"category": "MalwareDownload",
"detectionSource": "WindowsDefenderAv",
"threatFamilyName": "Mikatz",
"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
"description": "Some description",
"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
"firstEventTime": "2018-11-25T16:17:50.0948658Z",
"lastEventTime": "2018-11-25T16:18:01.809871Z",
"resolvedTime": null,
"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
}
]
}
```

32
windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
View File

@ -18,10 +18,18 @@ ms.topic: article
# Get machineAction API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## API description
Retrieves specific [Machine Action](machineaction.md) by its ID.
## Limitations
1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
Get action performed on a machine.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -77,15 +85,17 @@ HTTP/1.1 200 Ok
Content-type: application/json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
"type": "RunAntiVirusScan",
"requestor": "Analyst@contoso.com",
"requestorComment": "Check machine for viruses due to alert 3212",
"id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
"type": "Isolate",
"scope": "Selective",
"requestor": "Analyst@TestPrd.onmicrosoft.com",
"requestorComment": "test for docs",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
"relatedFileInfo": null
"machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
"computerDnsName": "desktop-test",
"creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
"lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
"relatedFileInfo": null
}

27
windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
View File

@ -18,17 +18,22 @@ ms.topic: article
# List MachineActions API
**Applies to:**
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Gets collection of actions done on machines.
Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
## API description
Retrieves a collection of [Machine Actions](machineaction.md).
<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
<br>The OData's ```$filter``` query is supported on: ```status```, ```machineId```, ```type```, ```requestor``` and ```creationDateTimeUtc``` properties.
<br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
## Limitations
1. Maximum page size is 10,000.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -89,10 +94,12 @@ Content-type: application/json
{
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
"type": "CollectInvestigationPackage",
"scope": null,
"requestor": "Analyst@contoso.com",
"requestorComment": "test",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
"relatedFileInfo": null
@ -100,10 +107,12 @@ Content-type: application/json
{
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
"type": "RunAntiVirusScan",
"scope": "Full",
"requestor": "Analyst@contoso.com",
"requestorComment": "Check machine for viruses due to alert 3212",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
"relatedFileInfo": null
@ -111,10 +120,12 @@ Content-type: application/json
{
"id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
"type": "StopAndQuarantineFile",
"scope": null,
"requestor": "Analyst@contoso.com",
"requestorComment": "test",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
"lastUpdateTimeUtc": "2018-12-04T12:16:14.2899973Z",
"relatedFileInfo": {
@ -151,10 +162,12 @@ Content-type: application/json
{
"id": "69dc3630-1ccc-4342-acf3-35286eec741d",
"type": "CollectInvestigationPackage",
"scope": null,
"requestor": "Analyst@contoso.com",
"requestorComment": "test",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
"lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
"relatedFileInfo": null
@ -162,10 +175,12 @@ Content-type: application/json
{
"id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
"type": "RunAntiVirusScan",
"scope": "Full",
"requestor": "Analyst@contoso.com",
"requestorComment": "Check machine for viruses due to alert 3212",
"status": "Succeeded",
"machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
"computerDnsName": "desktop-39g9tgl",
"creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
"lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
"relatedFileInfo": null

Some files were not shown because too many files have changed in this diff Show More