diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index 42c5c64363..b2e0d48bc7 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -106,6 +106,14 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.) 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device. +>[!TIP] +>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion: + +1. Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed. +1. Press and hold the **Volume Up and Power buttons** until the device reboots. Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED. + 1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device: +1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2. + ### HoloLens (1st gen) If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool. diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md index 1a9ec375af..59426de18e 100644 --- a/devices/hololens/hololens2-basic-usage.md +++ b/devices/hololens/hololens2-basic-usage.md @@ -105,8 +105,8 @@ To **close** the Start menu, do the Start gesture when the Start menu is open. > [!IMPORTANT] > For the one-handed Start gesture to work: > -> 1. You must update to the November 2019 update (build 18363) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device. +> 1. You must update to the November 2019 update (build 18363.1039) or later. +> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index ae68a73283..9a2630fdb4 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -1,6 +1,6 @@ --- title: CertificateStore DDF file -description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML. ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 5b7d432911..c70da05dae 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -1,6 +1,6 @@ --- title: CleanPC CSP -description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. +description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 724027f5f0..3bf0368ffd 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,6 +1,6 @@ --- title: DeviceManageability CSP -description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. +description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 2191e66e9c..06e4d21323 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -1,6 +1,6 @@ --- title: DeviceStatus CSP -description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. +description: The DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise. ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 7946edba39..4767766c8c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,6 +1,6 @@ --- title: DMClient CSP -description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. +description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings. ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 03e82dc9e8..f687502610 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,6 +1,6 @@ --- title: EAP configuration -description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10. +description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10. ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index bc80bbff44..481d57ea45 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -1,6 +1,6 @@ --- title: Provide server-side support for mobile app management on Windows -description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). +description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md index 692b7306a7..9076a17339 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -1,6 +1,6 @@ --- title: Create a task sequence with Configuration Manager (Windows 10) -description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. +description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index 234a716425..e7cabd8fec 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -1,177 +1,178 @@ ---- -title: Use Orchestrator runbooks with MDT (Windows 10) -description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: web services, database -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Use Orchestrator runbooks with MDT - -This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. - -**Note**   -If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. - -## Orchestrator terminology - -Before diving into the core details, here is a quick course in Orchestrator terminology: -- **Orchestrator Server.** This is a server that executes runbooks. -- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. -- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. -- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. -- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. -- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. -- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. - -**Note**   -To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). - -## Create a sample runbook - -This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. - -1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). -2. In the **E:\\Logfile** folder, create the DeployLog.txt file. - **Note** - Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. - - ![figure 23](../images/mdt-09-fig23.png) - - Figure 23. The DeployLog.txt file. - -3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. - - ![figure 24](../images/mdt-09-fig24.png) - - Figure 24. Folder created in the Runbooks node. - -4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. -5. On the ribbon bar, click **Check Out**. -6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. -7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: - 1. Runbook Control / Initialize Data - 2. Text File Management / Append Line -8. Connect **Initialize Data** to **Append Line**. - - ![figure 25](../images/mdt-09-fig25.png) - - Figure 25. Activities added and connected. - -9. Right-click the **Initialize Data** activity, and select **Properties** -10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. - - ![figure 26](../images/mdt-09-fig26.png) - - Figure 26. The Initialize Data Properties window. - -11. Right-click the **Append Line** activity, and select **Properties**. -12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. -13. In the **File** encoding drop-down list, select **ASCII**. -14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. - - ![figure 27](../images/mdt-09-fig27.png) - - Figure 27. Expanding the Text area. - -15. In the blank text box, right-click and select **Subscribe / Published Data**. - - ![figure 28](../images/mdt-09-fig28.png) - - Figure 28. Subscribing to data. - -16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. -17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. -18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. - - ![figure 29](../images/mdt-09-fig29.png) - - Figure 29. The expanded text box after all subscriptions have been added. - -19. On the **Append Line Properties** page, click **Finish**. - ## Test the demo MDT runbook - After the runbook is created, you are ready to test it. -20. On the ribbon bar, click **Runbook Tester**. -21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: - - OSDComputerName: PC0010 -22. Verify that all activities are green (for additional information, see each target). -23. Close the **Runbook Tester**. -24. On the ribbon bar, click **Check In**. - -![figure 30](../images/mdt-09-fig30.png) - -Figure 30. All tests completed. - -## Use the MDT demo runbook from MDT - -1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. -2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - 1. Task sequence ID: OR001 - 2. Task sequence name: Orchestrator Sample - 3. Task sequence comments: <blank> - 4. Template: Custom Task Sequence -3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. -4. Remove the default **Application Install** action. -5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. -6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: - 1. Name: Set Task Sequence Variable - 2. Task Sequence Variable: OSDComputerName - 3. Value: %hostname% -7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: - 1. Orchestrator Server: OR01.contoso.com - 2. Use Browse to select **1.0 MDT / MDT Sample**. -8. Click **OK**. - -![figure 31](../images/mdt-09-fig31.png) - -Figure 31. The ready-made task sequence. - -## Run the orchestrator sample task sequence - -Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. -**Note**   -Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). - -1. On PC0001, log on as **CONTOSO\\MDT\_BA**. -2. Using an elevated command prompt (run as Administrator), type the following command: - - ``` syntax - cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs - ``` -3. Complete the Windows Deployment Wizard using the following information: - 1. Task Sequence: Orchestrator Sample - 2. Credentials: - 1. User Name: MDT\_BA - 2. Password: P@ssw0rd - 3. Domain: CONTOSO -4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. - -![figure 32](../images/mdt-09-fig32.png) - -Figure 32. The ready-made task sequence. - -## Related topics - -[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) - -[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) - -[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) - -[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) - -[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) - -[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) - -[Use web services in MDT](use-web-services-in-mdt.md) +--- +title: Use Orchestrator runbooks with MDT (Windows 10) +description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: web services, database +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: mdt +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Use Orchestrator runbooks with MDT + +This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. + +**Note**   +If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. + +## Orchestrator terminology + +Before diving into the core details, here is a quick course in Orchestrator terminology: +- **Orchestrator Server.** This is a server that executes runbooks. +- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. +- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. +- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. +- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. +- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. +- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. + +**Note**   +To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). + +## Create a sample runbook + +This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. + +1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). +2. In the **E:\\Logfile** folder, create the DeployLog.txt file. + **Note** + Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. + + ![figure 23](../images/mdt-09-fig23.png) + + Figure 23. The DeployLog.txt file. + +3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. + + ![figure 24](../images/mdt-09-fig24.png) + + Figure 24. Folder created in the Runbooks node. + +4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. +5. On the ribbon bar, click **Check Out**. +6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. +7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: + 1. Runbook Control / Initialize Data + 2. Text File Management / Append Line +8. Connect **Initialize Data** to **Append Line**. + + ![figure 25](../images/mdt-09-fig25.png) + + Figure 25. Activities added and connected. + +9. Right-click the **Initialize Data** activity, and select **Properties** +10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. + + ![figure 26](../images/mdt-09-fig26.png) + + Figure 26. The Initialize Data Properties window. + +11. Right-click the **Append Line** activity, and select **Properties**. +12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. +13. In the **File** encoding drop-down list, select **ASCII**. +14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. + + ![figure 27](../images/mdt-09-fig27.png) + + Figure 27. Expanding the Text area. + +15. In the blank text box, right-click and select **Subscribe / Published Data**. + + ![figure 28](../images/mdt-09-fig28.png) + + Figure 28. Subscribing to data. + +16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. +17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. +18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. + + ![figure 29](../images/mdt-09-fig29.png) + + Figure 29. The expanded text box after all subscriptions have been added. + +19. On the **Append Line Properties** page, click **Finish**. + ## Test the demo MDT runbook + After the runbook is created, you are ready to test it. +20. On the ribbon bar, click **Runbook Tester**. +21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: + - OSDComputerName: PC0010 +22. Verify that all activities are green (for additional information, see each target). +23. Close the **Runbook Tester**. +24. On the ribbon bar, click **Check In**. + +![figure 30](../images/mdt-09-fig30.png) + +Figure 30. All tests completed. + +## Use the MDT demo runbook from MDT + +1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. +2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: + 1. Task sequence ID: OR001 + 2. Task sequence name: Orchestrator Sample + 3. Task sequence comments: <blank> + 4. Template: Custom Task Sequence +3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. +4. Remove the default **Application Install** action. +5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. +6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: + 1. Name: Set Task Sequence Variable + 2. Task Sequence Variable: OSDComputerName + 3. Value: %hostname% +7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: + 1. Orchestrator Server: OR01.contoso.com + 2. Use Browse to select **1.0 MDT / MDT Sample**. +8. Click **OK**. + +![figure 31](../images/mdt-09-fig31.png) + +Figure 31. The ready-made task sequence. + +## Run the orchestrator sample task sequence + +Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. +**Note**   +Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). + +1. On PC0001, log on as **CONTOSO\\MDT\_BA**. +2. Using an elevated command prompt (run as Administrator), type the following command: + + ``` syntax + cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs + ``` +3. Complete the Windows Deployment Wizard using the following information: + 1. Task Sequence: Orchestrator Sample + 2. Credentials: + 1. User Name: MDT\_BA + 2. Password: P@ssw0rd + 3. Domain: CONTOSO +4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. + +![figure 32](../images/mdt-09-fig32.png) + +Figure 32. The ready-made task sequence. + +## Related topics + +[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) + +[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) + +[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) + +[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) + +[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) + +[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) + +[Use web services in MDT](use-web-services-in-mdt.md) diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index 79b6610104..1ca54bbdb6 100644 --- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -1,6 +1,6 @@ --- title: Use MDT database to stage Windows 10 deployment info (Windows 10) -description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). +description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database. ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 90bcabb6d6..e9b3ec607d 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -4,13 +4,15 @@ description: Deploying Windows 10 for IT professionals. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C ms.reviewer: manager: laurawi -ms.audience: itpro author: greg-lindsay +ms.audience: itpro +author: greg-lindsay ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium ms.date: 11/06/2018 -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.topic: article --- @@ -35,7 +37,7 @@ Windows 10 upgrade options are discussed and information is provided about plann ## Related topics -[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) +[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)   diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index 5222062842..5edd92497e 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md @@ -1,100 +1,101 @@ ---- -title: Applying Filters to Data in the SUA Tool (Windows 10) -description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. -ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Applying Filters to Data in the SUA Tool - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. - -**To apply filters to data in the SUA tool** - -1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md). - -2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues. - -3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Options menu commandDescription

Filter Noise

Filters noise from the issues.

-

This command is selected by default.

Load Noise Filter File

Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.

Export Noise Filter File

Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.

Only Display Records with Application Name in StackTrace

Filters out records that do not have the application name in the stack trace.

-

However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.

Show More Details in StackTrace

Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.

Warn Before Deleting AppVerifier Logs

Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.

-

This command is selected by default.

Logging

Provides the following logging-related options:

-
    -

  • Show or hide log errors.

    • -

  • Show or hide log warnings.

    • -

  • Show or hide log information.

    • -
-

To maintain a manageable file size, we recommend that you do not select the option to show informational messages.

- -   - -  - -  - - - - - +--- +title: Applying Filters to Data in the SUA Tool (Windows 10) +description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application. +ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Applying Filters to Data in the SUA Tool + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. + +**To apply filters to data in the SUA tool** + +1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md). + +2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues. + +3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Options menu commandDescription

Filter Noise

Filters noise from the issues.

+

This command is selected by default.

Load Noise Filter File

Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.

Export Noise Filter File

Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.

Only Display Records with Application Name in StackTrace

Filters out records that do not have the application name in the stack trace.

+

However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.

Show More Details in StackTrace

Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.

Warn Before Deleting AppVerifier Logs

Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.

+

This command is selected by default.

Logging

Provides the following logging-related options:

+
    +

  • Show or hide log errors.

    • +

  • Show or hide log warnings.

    • +

  • Show or hide log information.

    • +
+

To maintain a manageable file size, we recommend that you do not select the option to show informational messages.

+ +   + +  + +  + + + + + diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 8d8da0f126..c35e379797 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md @@ -1,6 +1,6 @@ --- title: Create AppHelp Message in Compatibility Administrator (Windows 10) -description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. +description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system. ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848 ms.reviewer: manager: laurawi diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index ddb3d63a10..71ebf32bab 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -3,7 +3,7 @@ title: Log files - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Learn how to interpret the log files generated during the Windows 10 upgrade process. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy @@ -27,7 +27,8 @@ ms.topic: article Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. -Note: Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. +>[!NOTE] +>Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. The following table describes some log files and how to use them for troubleshooting purposes:
@@ -79,7 +80,7 @@ See the following example: ## Analyze log files ->The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes). +The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
To analyze Windows Setup log files: @@ -110,7 +111,7 @@ See the following example: For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file: ->Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN." +Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
setuperr.log content: diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 01850db7f6..fa2817f19b 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -1,239 +1,243 @@ ---- -title: Quick fixes - Windows IT Pro -ms.reviewer: -manager: laurawi -ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.topic: article ---- - -# Quick fixes - -**Applies to** -- Windows 10 - ->[!NOTE] ->This is a 100 level topic (basic).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. - -The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10). - -The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. - ->You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. - -## List of fixes - -
    -
  1. Remove nonessential external hardware, such as docks and USB devices. More information.
    2. -
  2. Check the system drive for errors and attempt repairs. More information.
    3. -
  3. Run the Windows Update troubleshooter. More information.
    4. -
  4. Attempt to restore and repair system files. More information.
    5. -
  5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
    6. -
  6. Temporarily uninstall non-Microsoft antivirus software. - More information.
    7. - -
  7. Uninstall all nonessential software. More information.
    8. -
  8. Update firmware and drivers. More information
    9. -
  9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
    10. -
  10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
    11. -
- -## Step by step instructions - -### Remove external hardware - -If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)). - -Unplug nonessential external hardware devices from the computer, such as: -- Headphones -- Joysticks -- Printers -- Plotters -- Projectors -- Scanners -- Speakers -- USB flash drives -- Portable hard drives -- Portable CD/DVD/Blu-ray drives -- Microphones -- Media card readers -- Cameras/Webcams -- Smart phones -- Secondary monitors, keyboards, mice - -For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/help/4051300/windows-10-safely-remove-hardware) - -### Repair the system drive - -The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive. - -To check and repair errors on the system drive: - -1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **chkdsk /F** and press ENTER. -6. When you are prompted to schedule a check the next time the system restarts, type **Y**. -7. See the following example - - ``` - C:\WINDOWS\system32>chkdsk /F - The type of the file system is NTFS. - Cannot lock current drive. - - Chkdsk cannot run because the volume is in use by another - process. Would you like to schedule this volume to be - checked the next time the system restarts? (Y/N) Y - - This volume will be checked the next time the system restarts. - ``` - -8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive. - -### Windows Update Troubleshooter - -The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating. - -For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu). - -For Windows 10, the tool is [here](https://aka.ms/wudiag). - -To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems. - -You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?" - -If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links. - -### Repair system files - -This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93). - -To check and repair system files: - -1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **sfc /scannow** and press ENTER. See the following example: - - ``` - C:\>sfc /scannow - - Beginning system scan. This process will take some time. - - Beginning verification phase of system scan. - Verification 100% complete. - - Windows Resource Protection did not find any integrity violations. - ``` -6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: - - ``` - C:\>DISM.exe /Online /Cleanup-image /Restorehealth - - Deployment Image Servicing and Management tool - Version: 10.0.16299.15 - - Image Version: 10.0.16299.309 - - [==========================100.0%==========================] The restore operation completed successfully. - The operation completed successfully. - - ``` - >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). - - -### Update Windows - -You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. - -The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated. - -Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows." - -Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above. - -Click **Start**, click power options, and then restart the computer. - -### Uninstall non-Microsoft antivirus software - -Use Windows Defender for protection during the upgrade. - -Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program. - -To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal. - -For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10). - -### Uninstall non-essential software - -Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help. - -If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it. - -To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software. - -### Update firmware and drivers - -Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed. - -Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). - -To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions. - -### Ensure that "Download and install updates" is selected - -When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example: - -![Get important updates](../images/update.jpg) - -### Verify disk space - -You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. - -To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer. - -In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon. - -The amount of space available on the system drive will be displayed under the drive. See the following example: - -![System drive](../images/drive.png) - -In the previous example, there is 703 GB of available free space on the system drive (C:). - -To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: - -![Disk cleanup](../images/cleanup.png) - -For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). - -When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version. - -### Open an elevated command prompt - ->It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. - -To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). - -Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). - -If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. - -If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem. - -## Related topics - -[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) -
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) -
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +--- +title: Quick fixes - Windows IT Pro +ms.reviewer: +manager: laurawi +ms.author: greglin +description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.topic: article +--- + +# Quick fixes + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 100 level topic (basic).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + +The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10). + +The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. + +> [!TIP] +> You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. + +## List of fixes + +
    +
  1. Remove nonessential external hardware, such as docks and USB devices. More information.
    2. +
  2. Check the system drive for errors and attempt repairs. More information.
    3. +
  3. Run the Windows Update troubleshooter. More information.
    4. +
  4. Attempt to restore and repair system files. More information.
    5. +
  5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
    6. +
  6. Temporarily uninstall non-Microsoft antivirus software. + More information.
    7. + +
  7. Uninstall all nonessential software. More information.
    8. +
  8. Update firmware and drivers. More information
    9. +
  9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
    10. +
  10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
    11. +
+ +## Step by step instructions + +### Remove external hardware + +If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)). + +Unplug nonessential external hardware devices from the computer, such as: +- Headphones +- Joysticks +- Printers +- Plotters +- Projectors +- Scanners +- Speakers +- USB flash drives +- Portable hard drives +- Portable CD/DVD/Blu-ray drives +- Microphones +- Media card readers +- Cameras/Webcams +- Smart phones +- Secondary monitors, keyboards, mice + +For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/help/4051300/windows-10-safely-remove-hardware) + +### Repair the system drive + +The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive. + +To check and repair errors on the system drive: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **chkdsk /F** and press ENTER. +6. When you are prompted to schedule a check the next time the system restarts, type **Y**. +7. See the following example + + ``` + C:\WINDOWS\system32>chkdsk /F + The type of the file system is NTFS. + Cannot lock current drive. + + Chkdsk cannot run because the volume is in use by another + process. Would you like to schedule this volume to be + checked the next time the system restarts? (Y/N) Y + + This volume will be checked the next time the system restarts. + ``` + +8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive. + +### Windows Update Troubleshooter + +The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating. + +For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu). + +For Windows 10, the tool is [here](https://aka.ms/wudiag). + +To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems. + +You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?" + +If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links. + +### Repair system files + +This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93). + +To check and repair system files: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **sfc /scannow** and press ENTER. See the following example: + + ``` + C:\>sfc /scannow + + Beginning system scan. This process will take some time. + + Beginning verification phase of system scan. + Verification 100% complete. + + Windows Resource Protection did not find any integrity violations. + ``` +6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: + + ``` + C:\>DISM.exe /Online /Cleanup-image /Restorehealth + + Deployment Image Servicing and Management tool + Version: 10.0.16299.15 + + Image Version: 10.0.16299.309 + + [==========================100.0%==========================] The restore operation completed successfully. + The operation completed successfully. + + ``` + > [!NOTE] + > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + + +### Update Windows + +You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. + +The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated. + +Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows." + +Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above. + +Click **Start**, click power options, and then restart the computer. + +### Uninstall non-Microsoft antivirus software + +Use Windows Defender for protection during the upgrade. + +Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program. + +To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal. + +For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10). + +### Uninstall non-essential software + +Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help. + +If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it. + +To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software. + +### Update firmware and drivers + +Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed. + +Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). + +To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions. + +### Ensure that "Download and install updates" is selected + +When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example: + +![Get important updates](../images/update.jpg) + +### Verify disk space + +You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. + +To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer. + +In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon. + +The amount of space available on the system drive will be displayed under the drive. See the following example: + +![System drive](../images/drive.png) + +In the previous example, there is 703 GB of available free space on the system drive (C:). + +To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: + +![Disk cleanup](../images/cleanup.png) + +For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). + +When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version. + +### Open an elevated command prompt + +> [!TIP] +> It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. + +To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). + +Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). + +If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. + +If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem. + +## Related topics + +[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 81c8751a84..7b336767e8 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -3,7 +3,7 @@ title: Resolution procedures - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Discover general troubleshooting procedures for dealing with 0xC1900101, the generic rollback code thrown when something goes wrong during a Windows 10 upgrade. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index e06f80e04b..c429b8496c 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -3,7 +3,7 @@ title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Understanding the Windows 10 upgrade process can help you troubleshoot errors when something goes wrong. Find out more with this guide. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 7f4624ce3a..5bb2a95e0c 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -3,7 +3,7 @@ title: Upgrade error codes - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Understand the error codes that may come up if something goes wrong during the Windows 10 upgrade process. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy @@ -30,7 +30,7 @@ If the upgrade process is not successful, Windows Setup will return two codes: 1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error. 2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred. ->For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**. +For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**. Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/kb/3159635) then only a result code might be returned. @@ -39,7 +39,7 @@ Note: If only a result code is returned, this can be because a tool is being use ## Result codes ->A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. +A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. The following set of result codes are associated with [Windows Setup](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options) compatibility warnings: @@ -77,7 +77,8 @@ Some result codes are self-explanatory, whereas others are more generic and requ ## Extend codes ->**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. +>[!IMPORTANT] +>Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation: diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 513ae0cfd8..c6118f8f14 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -1,6 +1,6 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager -description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process. +description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 ms.reviewer: manager: laurawi diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 499fef06bd..562773ef21 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -3,7 +3,7 @@ title: Windows error reporting - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/volume-activation/images/vamt-known-issue-message.png b/windows/deployment/volume-activation/images/vamt-known-issue-message.png new file mode 100644 index 0000000000..5ce1a31e1f Binary files /dev/null and b/windows/deployment/volume-activation/images/vamt-known-issue-message.png differ diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 70933d12f6..8022121cb3 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,25 +1,69 @@ ---- -title: VAMT Known Issues (Windows 10) -description: VAMT Known Issues -ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.date: 04/25/2017 -ms.topic: article ---- - -# VAMT Known Issues - -The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0. -- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. -- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). -- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. -- The remaining activation count can only be retrieved for MAKs. -  -  +--- +title: VAMT known issues (Windows 10) +description: Volume Activation Management Tool (VAMT) known issues +ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.date: 12/17/2019 +ms.topic: article +ms.custom: +- CI 111496 +- CSSTroubleshooting +--- + +# VAMT known issues + +The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. + +- VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. +- When opening a Computer Information List (CIL file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. +- The remaining activation count can only be retrieved for MAKs. + +## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 + +When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into VAMT 3.1 (version 10.0.10240.0), you receive the following error message: + +> The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online. + +![VAMT error message](./images/vamt-known-issue-message.png) + +This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. + +### Workaround + +To work around this issue, use one of the following methods. + +**Method 1** + +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). + +**Method 2** + +On the KMS host computer, follow these steps: + +1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). + +1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**. + +1. To extract the contents of the update, open a Command Prompt window and run the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ + ``` + +1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 + ``` + +1. In the "C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716\" folder, copy the **pkeyconfig-csvlk.xrm-ms** file. Paste this file to the "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig" folder. + +1. Restart VAMT. diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index c9973b520d..2bf8998e1e 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -1,6 +1,6 @@ --- title: Windows 10 deployment tools -description: Learn about the tools available to deploy Windows 10. +description: Browse through documentation describing Windows 10 deployment tools. Learn how to use these these tools to successfully deploy Windows 10 to your organization. ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB ms.reviewer: manager: laurawi diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md index 563e086966..63f327622a 100644 --- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md @@ -2,7 +2,7 @@ title: Windows Autopilot device guidelines ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Learn all about hardware, firmware, and software best practices for Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index e762a53ed9..9f4cdcfc25 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot for existing devices -description: Windows Autopilot deployment +description: Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md index ae223e3032..93abebfa65 100644 --- a/windows/deployment/windows-autopilot/index.md +++ b/windows/deployment/windows-autopilot/index.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot deployment -description: Windows Autopilot deployment +description: Discover resources for Windows Autopilot deployment with this guide. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md index db8c0256dd..5be64cc194 100644 --- a/windows/deployment/windows-autopilot/known-issues.md +++ b/windows/deployment/windows-autopilot/known-issues.md @@ -2,7 +2,7 @@ title: Windows Autopilot known issues ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Inform yourself about known issues that may occur during Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md index 6e54f66318..5cb74ed199 100644 --- a/windows/deployment/windows-autopilot/profiles.md +++ b/windows/deployment/windows-autopilot/profiles.md @@ -1,48 +1,49 @@ ---- -title: Configure Autopilot profiles -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Configure Autopilot profiles - -**Applies to** - -- Windows 10 - -For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices). - -## Profile settings - -The following profile settings are available: - -- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process. - -- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process. - -- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings. - -- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool. - -- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete. - -- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users. - -- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details. - -## Related topics - -[Profile download](troubleshooting.md#profile-download) -[Registering devices](add-devices.md) +--- +title: Configure Autopilot profiles +description: Learn how to configure device profiles while performing a Windows Autopilot deployment. +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Configure Autopilot profiles + +**Applies to** + +- Windows 10 + +For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices). + +## Profile settings + +The following profile settings are available: + +- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process. + +- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process. + +- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings. + +- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool. + +- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete. + +- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users. + +- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details. + +## Related topics + +[Profile download](troubleshooting.md#profile-download) +[Registering devices](add-devices.md) diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 3c6dfece7c..a91c17be27 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -1,84 +1,86 @@ ---- -title: Windows Autopilot customer consent -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro -author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot customer consent - -**Applies to: Windows 10** - -This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. - -## CSP authorization - -CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions: - - -
Direct CSPGets direct authorization from the customer to register devices. -
Indirect CSP ProviderGets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. -
Indirect CSP ResellerGets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. -
- -### Steps - -For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process: - -1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so: - - CSP logs into Microsoft Partner Center - - Click **Dashboard** on the top menu - - Click **Customer** on the side menu - - Click the **Request a reseller relationship** link: - ![Request a reseller relationship](images/csp1.png) - - Select the checkbox indicating whether or not you want delegated admin rights: - ![Delegated rights](images/csp2.png) - - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges - - Send the template above to the customer via email. -2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page: - - ![Global admin](images/csp3.png) - - NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: - - ![Not global admin](images/csp4.png) - -3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously. -4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example: - -![Customers](images/csp5.png) - -## OEM authorization - -Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com. - -1. OEM emails link to their customer. -2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page: - - ![Global admin](images/csp6.png) - - NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: - - ![Not global admin](images/csp7.png) -3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously. - -4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. - - NOTE: During the OEM authorization registration process, no delegated admin permissions are granted to the OEM. - -## Summary - -At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. - +--- +title: Windows Autopilot customer consent +description: Learn how a cloud service provider (CSP) partner or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot customer consent + +**Applies to: Windows 10** + +This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. + +## CSP authorization + +CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions: + + +
Direct CSPGets direct authorization from the customer to register devices. +
Indirect CSP ProviderGets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. +
Indirect CSP ResellerGets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. +
+ +### Steps + +For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process: + +1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so: + - CSP logs into Microsoft Partner Center + - Click **Dashboard** on the top menu + - Click **Customer** on the side menu + - Click the **Request a reseller relationship** link: + ![Request a reseller relationship](images/csp1.png) + - Select the checkbox indicating whether or not you want delegated admin rights: + ![Delegated rights](images/csp2.png) + - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges + - Send the template above to the customer via email. +2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page: + + ![Global admin](images/csp3.png) + + > [!NOTE] + > A user without global admin privileges who clicks the link will see a message similar to the following: + + ![Not global admin](images/csp4.png) + +3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously. +4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example: + +![Customers](images/csp5.png) + +## OEM authorization + +Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com. + +1. OEM emails link to their customer. +2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page: + + ![Global admin](images/csp6.png) + + > [!NOTE] + > A user without global admin privileges who clicks the link will see a message similar to the following: + + ![Not global admin](images/csp7.png) +3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously. + +4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. + + > [!NOTE] + > During the OEM authorization registration process, no delegated admin permissions are granted to the OEM. + +## Summary + +At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index ca49b045ee..4bdb15131d 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot Self-Deploying mode -description: Windows Autopilot deployment +description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index f2e35ade30..63437b2ab3 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md @@ -1,6 +1,6 @@ --- title: Troubleshooting Windows Autopilot -description: Windows Autopilot deployment +description: Learn how to handle issues as they arise during the Windows Autopilot deployment process. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index ae6ae398bc..e8fdb8a2c2 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot User-Driven Mode -description: Windows Autopilot deployment +description: Windows Autopilot user-driven mode allows devices to be deployed to a ready-to-use state without requiring help from IT personnel. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index e11c96bd77..1b234651ad 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -2,7 +2,7 @@ title: Windows Autopilot requirements ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Inform yourself about software, networking, licensing, and configuration requirements for Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 4aab58218f..e114e9f5ec 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot Reset -description: Windows Autopilot deployment +description: Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and easily. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi @@ -87,7 +87,7 @@ Performing a local Windows Autopilot Reset is a two-step process: trigger it and 1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**. - ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png) + ![Enter CTRL+Windows key+R on the Windows lock screen](images/autopilot-reset-lockscreen.png) This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes: 1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index e76aa507b3..ab95bacbee 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot scenarios and capabilities -description: Windows Autopilot deployment +description: Follow along with several typical Windows Autopilot deployment scenarios, such as re-deploying a device in a business-ready state. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md index 81dcb6e9c2..b10120467d 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md @@ -2,7 +2,7 @@ title: Windows Autopilot what's new ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Read news and resources about the latest updates and past versions of Windows Autopilot. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index 04f3d13f0c..7079e66d14 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -1,6 +1,6 @@ --- title: Overview of Windows Autopilot -description: Windows Autopilot deployment +description: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index a98db0c85a..f42095fd31 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,6 +1,6 @@ --- title: Prepare & Deploy Windows AD FS certificate trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business +description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index a125f1f5ad..4681b5725d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -1,6 +1,6 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust -description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business +description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with certificate trust keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d30031df7d..c75524b41e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Authentication -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn about the authentication flow for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c876fbd351..f220db21f6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Provisioning -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -58,7 +58,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment -![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed ennvironment](images/howitworks/prov-haadj-keytrust-managed.png) +![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md index bb57bd6b57..0e03beb9e3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Technical Deep Dive -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Deeply explore how Windows Hello for Business works, and how it can help your users authenticate to services. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, works ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index f32db55329..012051d5e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Technology and Terms -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index cec799fa3d..de0d46631b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index de439496b9..a908e96533 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -1,6 +1,6 @@ --- title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business +description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index f3d95ae6ee..00b0bd2e95 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works (Windows 10) -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index 992e66a6c7..f663299fb7 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -1,6 +1,6 @@ --- title: Smart Card Group Policy and Registry Settings (Windows 10) -description: This topic for the IT professional and smart card developer describes the Group Policy settings, registry key settings, local security policy settings, and credential delegation policy settings that are available for configuring smart cards. +description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 674df551a5..df414d1e79 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -1,6 +1,6 @@ --- title: VPN and conditional access (Windows 10) -description: The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. +description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md index 71cc07649a..65e915649a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index 9096194a09..f8fa65855e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker deployment and administration FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index 2a5c698b91..3c5449bfe9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -1,6 +1,6 @@ --- title: BitLocker FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index 5ab13673ea..226acb2e7c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Key Management FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index b137b40f9c..153be07099 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Network Unlock FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 211775fd9d..2962d7533b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Security FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index 6cc8628157..e8bd11f12b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker To Go FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about BitLocker To Go — BitLocker drive encryption for removable drives. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.author: dansimp diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index ddefee9d0c..15cb20e4f6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Upgrading FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about upgrading systems that have BitLocker enabled. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index 5d1da751a8..0aebf543c2 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -1,6 +1,6 @@ --- title: Using BitLocker with other programs FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn how to integrate BitLocker with other software on your device. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 8f99d1e45e..e2ae8c85e5 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -1,6 +1,6 @@ --- title: TPM fundamentals (Windows 10) -description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. +description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: ms.prod: w10 diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index e559dc6001..f15fee7c4d 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -1,6 +1,6 @@ --- title: Apply a basic audit policy on a file or folder (Windows 10) -description: You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. +description: Apply audit policies to individual files and folders on your computer by setting the permission type to record access attempts in the security log. ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 72a5aecec7..b594ba40ca 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -1,6 +1,6 @@ --- title: Audit Application Generated (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs). +description: The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs. ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 061105bbac..f655b5d8c6 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -1,6 +1,6 @@ --- title: Audit Central Access Policy Staging (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy. +description: The Advanced Security Audit policy setting, Audit Central Access Policy Staging, determines permissions on a Central Access Policy. ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 06737f9521..dffea817d4 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -1,6 +1,6 @@ --- title: Audit Directory Service Replication (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends. +description: Audit Directory Service Replication is a policy setting that decides if audit events are created when replication between two domain controllers begins or ends. ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index d28314643d..529003459d 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -1,6 +1,6 @@ --- title: Audit Kerberos Authentication Service (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. +description: The policy setting Audit Kerberos Authentication Service decides if audit events are generated for Kerberos authentication ticket-granting ticket (TGT) requests ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 25e29659e8..d58bafa0de 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit MPSSVC Rule-Level Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe). +description: Audit MPSSVC Rule-Level Policy Change determines if audit events are generated when policy rules are altered for the Microsoft Protection Service (MPSSVC.exe). ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 6d7eaac005..697ae99b16 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -1,6 +1,6 @@ --- title: Audit Network Policy Server (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock). +description: The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests. ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 3943542ccf..7ba49fbd59 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -1,6 +1,6 @@ --- title: Audit Process Termination (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process. +description: The Advanced Security Audit policy setting, Audit Process Termination, determines if audit events are generated when an attempt is made to end a process. ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index f35fb87e98..b35eacaf51 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -1,6 +1,6 @@ --- title: Audit RPC Events (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made. +description: Audit RPC Events is an audit policy setting that determines if audit events are generated when inbound remote procedure call (RPC) connections are made. ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 710f45b4ae..d75b85e522 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Security Group Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed. +description: The policy setting, Audit Security Group Management, determines if audit events are generated when specific security group management tasks are performed. ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index ac5edaec4a..3bdb900b00 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -1,6 +1,6 @@ --- title: Audit Sensitive Privilege Use (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used. +description: The policy setting, Audit Sensitive Privilege Use, determines if the operating system generates audit events when sensitive privileges (user rights) are used. ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 25d5f2620c..5b2d45cc98 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -1,6 +1,6 @@ --- title: Audit User Account Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed. +description: Audit User Account Management is an audit policy setting that determines if the operating system generates audit events when certain tasks are performed. ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 55da915b55..74c7755cb8 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -1,6 +1,6 @@ --- title: Audit User/Device Claims (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims. +description: Audit User/Device Claims is an audit policy setting which enables you to audit security events that are generated by user and device claims. ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index fad5b7ff52..94499439b0 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -1,6 +1,6 @@ --- title: Monitor central access policies for files or folders (Windows 10) -description: This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects. +description: Monitor changes to central access policies associated with files and folders, when using advanced security auditing options for dynamic access control objects. ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 4a9c0d7f29..7be96ce69b 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -1,6 +1,6 @@ --- title: Monitor central access policies on a file server (Windows 10) -description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. +description: Learn how to monitor changes to the central access policies that apply to a file server, when using advanced security auditing options. ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 92fb064c14..e88b1b13e8 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,6 +1,6 @@ --- title: Deployment guidelines for Windows Defender Device Guard (Windows 10) -description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and code integrity policies. +description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index c3cdc07f58..d9eda2847f 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,6 +1,6 @@ --- title: Get support -description: This article, and the articles it links to, answers frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization +description: Frequently asked question about how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 82dfc632fd..88fd42601a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -1,7 +1,7 @@ --- -title: Hello World +title: Hello World for Microsoft Defender Advanced Threat Protection API ms.reviewer: -description: Use this API to run advanced queries +description: Create a practice 'Hello world'-style API call to the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index e1397a16e7..7f21e771f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Powershell API Guide ms.reviewer: -description: Use this API to run advanced queries +description: Walk through a practice scenario, complete with code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -30,7 +30,7 @@ In this section we share PowerShell samples to - Use token to retrieve the latest alerts in Microsoft Defender ATP - For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL. ->**Prerequisite**: You first need to [create an app](apis-intro.md). +**Prerequisite**: You first need to [create an app](apis-intro.md). ## Preparation Instructions @@ -40,16 +40,16 @@ In this section we share PowerShell samples to Set-ExecutionPolicy -ExecutionPolicy Bypass ``` ->For more details, refer to [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy) +For more details, refer to [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy) ## Get token -- Run the below +Run the below: -> - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant) -> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP) -> - $appSecret: Secret of your AAD app -> - $suspiciousUrl: The URL +- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant) +- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP) +- $appSecret: Secret of your AAD app +- $suspiciousUrl: The URL ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 358b596f33..c451cf8400 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -1,7 +1,7 @@ --- title: Microsoft Threat Experts ms.reviewer: -description: Microsoft Threat Experts is the new managed detection and response (MDR) service in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. +description: Microsoft Threat Experts provides an additional layer of expertise to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts search.product: Windows 10 search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 8dc833cda8..540c957c3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting API ms.reviewer: -description: Use this API to run advanced queries +description: Use the Advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md index a5ad0b88e2..e473635682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md @@ -22,8 +22,8 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) +> [!TIP] +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls. @@ -46,6 +46,3 @@ Get MachineActions collection | Run this to get MachineAction collection. Get FileActions collection | Run this to get FileActions collection. Get FileMachineAction object | Run this to get FileMachineAction object. Get FileMachineActions collection | Run this to get FileMachineAction collection. - - - diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 355b58c60f..fe80c5c8a4 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -1,6 +1,6 @@ --- title: Mitigate threats by using Windows 10 security features (Windows 10) -description: This topic provides an overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. +description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 49f815ce3f..60fe8eaa5f 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -1,6 +1,6 @@ --- title: Access Credential Manager as a trusted caller (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Access Credential Manager as a trusted caller security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Access Credential Manager as a trusted caller. ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index f6beb6795e..429a6e932a 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -1,6 +1,6 @@ --- title: Accounts Limit local account use of blank passwords (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Accounts Limit local account use of blank passwords to console logon only security policy setting. +description: Learn best practices, security considerations, and more for the policy setting, Accounts Limit local account use of blank passwords to console logon only. ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md index c1da92162e..61a261c4bd 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md @@ -1,6 +1,6 @@ --- title: Interactive Logon Message text (Windows 10) -description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Message text for users attempting to log on security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Interactive logon Message text for users attempting to log on. ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 2f0c68363e..0eb20f0245 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -1,6 +1,6 @@ --- title: Microsoft network client Send unencrypted password (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Send unencrypted password to third-party SMB servers security policy setting. +description: Learn about best practices and more for the security policy setting, Microsoft network client Send unencrypted password to third-party SMB servers. ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index 51a7a62dde..473585fba5 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -1,6 +1,6 @@ --- title: Microsoft network server Attempt S4U2Self (Windows 10) -description: Describes the best practices, location, values, management, and security considerations for the Microsoft network server Attempt S4U2Self to obtain claim information security policy setting. +description: Learn about the security policy setting, Microsoft network server Attempt S4U2Self to obtain claim information. ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index 56ba9ce742..b679530985 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -1,6 +1,6 @@ --- title: Network access Do not allow anonymous enumeration (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts and shares security policy setting. +description: Learn about best practices and more for the security policy setting, Network access Do not allow anonymous enumeration of SAM accounts and shares. ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index 0e3279dc6e..6ea98c4a06 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -1,6 +1,6 @@ --- title: Let Everyone permissions apply to anonymous users (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Let Everyone permissions apply to anonymous users security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Network access Let Everyone permissions apply to anonymous users. ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index cfb1f5e23c..ca8b104079 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -1,6 +1,6 @@ --- title: Network access Named Pipes that can be accessed anonymously (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Named Pipes that can be accessed anonymously security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Network access Named Pipes that can be accessed anonymously. ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index b052ac4ccf..4ac7af5f3c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -1,6 +1,6 @@ --- title: Network List Manager policies (Windows 10) -description: Network List Manager policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices. +description: Network List Manager policies are security settings that configure different aspects of how networks are listed and displayed on one device or on many devices. ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index c8d671e6b6..a88bb90887 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM in this domain (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM NTLM authentication in this domain security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Network Security Restrict NTLM NTLM authentication in this domain. ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 0e229ebce6..582a95f107 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM Outgoing traffic (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Outgoing NTLM traffic to remote servers security policy setting. +description: Learn about best practices, security considerations and more for the policy setting, Network Security Restrict NTLM Outgoing NTLM traffic to remote servers. ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index f055b88d86..a8d2183e51 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -1,6 +1,6 @@ --- title: Always sign SMBv1 network client communications (Windows 10) -description: For SMBv1 only, describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Microsoft network client Digitally sign communications (always). ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index 92e19e7cda..659b235720 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -1,6 +1,6 @@ --- title: Behavior of the elevation prompt for standard users (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for standard users security policy setting. +description: Learn about best practices, security considerations, and more for the policy setting, User Account Control Behavior of the elevation prompt for standard users. ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 47e4c3b995..77c4b06163 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -1,6 +1,6 @@ --- title: Only elevate UIAccess app installed in secure location (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate UIAccess applications that are installed in secure locations security policy setting. +description: Learn about best practices and more for the policy setting, User Account Control Only elevate UIAccess applications that are installed in secure locations. ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index 9c85a319b8..4a75974332 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -1,6 +1,6 @@ --- title: UAC Run all administrators in Admin Approval Mode (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Run all administrators in Admin Approval Mode security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, User Account Control Run all administrators in Admin Approval Mode. ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 6e9ba266d1..5ce47adcb7 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -1,6 +1,6 @@ --- title: Windows 10 Mobile security guide (Windows 10) -description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. +description: The most important security features in the Windows 10 Mobile — identity access & control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index d1ec034818..539f6e5844 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 10/14/2019 +ms.date: 12/17/2019 ms.reviewer: manager: dansimp ms.custom: nextgen @@ -23,38 +23,31 @@ ms.custom: nextgen - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Next-generation protection includes services that use machine learning together with the cloud to protect devices in your enterprise organization. Next-generation protection services include: +Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include: -- [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), also known as "real-time protection", for advanced file and process behavior monitoring -- [Cloud-based delivery](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats -- [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) powered by machine-learning, big-data analysis, and in-depth threat resistance research +- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-windows-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware. +- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats. +- [Dedicated protection and product updates](manage-updates-baselines-windows-defender-antivirus.md). This includes updates related to keeping Windows Defender Antivirus up to date. >[!TIP] ->Visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how the following features work: ->- [Cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) ->- Fast learning (including [block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md)) ->- [Potentially unwanted application blocking](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -> -> For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp). +>Visit the [Microsoft Defender ATP demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios: +> - Cloud-delivered protection +> - Block at first sight (BAFS) protection +> - Potentially unwanted applications (PUA) protection ## Minimum system requirements -Windows Defender Antivirus is your main vehicle for next-generation protection, and it has the same hardware requirements as Windows 10. For more information, see: +Windows Defender Antivirus is your main vehicle for next-generation protection, and it has the same hardware requirements as of Windows 10. For more information, see: - [Minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) - [Hardware component guidelines](https://docs.microsoft.com/windows-hardware/design/component-guidelines/components) -## Configuring next-generation services +## Configure next-generation protection services -You can use the following to configure and manage next-generation services in Windows 10 while running Windows Defender Antivirus: +For information on how to configure next-generation protection services, see [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md). -- System Center Configuration Manager (as System Center Endpoint Protection, or SCEP) -- Microsoft Intune -- PowerShell -- Windows Management Instrumentation (WMI) -- Group Policy - -Configuration and management is largely the same in Windows Server 2016, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md). +> [!Note] +> Configuration and management is largely the same in Windows Server 2016, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md). ## Related topics @@ -63,5 +56,6 @@ Configuration and management is largely the same in Windows Server 2016, while r - [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) - [Enable cloud protection](enable-cloud-protection-windows-defender-antivirus.md) - [Configure real-time protection](configure-real-time-protection-windows-defender-antivirus.md) -- [Configure cloud block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) +- [Enable block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) +- [Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) - [Create and deploy cloud-protected antimalware policies](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 2147e2fe3f..acfdd8e57d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -1,6 +1,6 @@ --- title: Document your AppLocker rules (Windows 10) -description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. +description: Learn how to document your Applocker rules with this planning guide. Associate rule conditions with files, permissions, rule source, and implementation. ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index b86dfe2687..133cd1426f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Audit Windows Defender Application Control policies (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Audits allow admins to discover apps that were missed during an initial policy scan and to identify new apps that were installed since the policy was created. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 9d7b5e5f7c..9e6f941382 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Create a code signing cert for Windows Defender Application Control (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Learn how to set up a publicly-issued code signing certificate, so you can sign catalog files or WDAC policies internally. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: @@ -95,7 +95,8 @@ Now that the template is available to be issued, you must request one from the c 6. Enroll and finish. -> **Note**  If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client. +>[!NOTE] +>If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client. This certificate must be installed in the user’s personal store on the computer that will be signing the catalog files and code integrity policies. If the signing is going to be taking place on the computer on which you just requested the certificate, exporting the certificate to a .pfx file will not be required because it already exists in your personal store. If you are signing on another computer, you will need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps: diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index bf0bb97074..f707f7a7bb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -1,6 +1,6 @@ --- title: Create a WDAC policy for fixed-workload devices using a reference computer (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: To create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within your organization, follow this guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 586cf70292..765289825b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Deploy catalog files to support Windows Defender Application Control (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -17,7 +17,7 @@ manager: dansimp ms.date: 02/28/2018 --- -# Deploy catalog files to support Windows Defender Application Control +# Deploy catalog files to support Windows Defender Application Control **Applies to:** @@ -80,7 +80,8 @@ To create a catalog file, you use a tool called **Package Inspector**. You must `PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName` -> **Note**  Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values. +>[!NOTE] +>Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values. When finished, the files will be saved to your desktop. You can double-click the \*.cat file to see its contents, and you can view the \*.cdf file with a text editor. @@ -129,9 +130,10 @@ To sign the existing catalog file, copy each of the following commands into an e ` sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName` - > **Note**  The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. + >[!NOTE] + >The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. > - > **Note**  For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). + >For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). 4. Verify the catalog file digital signature. Right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. @@ -219,7 +221,8 @@ Before you begin testing the deployed catalog file, make sure that the catalog s As an alternative to Group Policy, you can use System Center Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, System Center Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: -> **Note**  The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. +>[!NOTE] +>The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. 1. Open the Configuration Manager console, and select the Software Library workspace. @@ -293,7 +296,8 @@ Before you begin testing the deployed catalog file, make sure that the catalog s When catalog files have been deployed to the computers within your environment, whether by using Group Policy or System Center Configuration Manager, you can inventory them with the software inventory feature of System Center Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. -> **Note**  A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. +>[!NOTE] +>A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. 1. Open the Configuration Manager console, and select the Administration workspace. @@ -315,7 +319,8 @@ When catalog files have been deployed to the computers within your environment, 6. In the **Name** box, type a name such as **\*Contoso.cat**, and then click **Set**. - > **Note**  When typing the name, follow your naming convention for catalog files. + >[!NOTE] + >When typing the name, follow your naming convention for catalog files. 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}** in the box, as shown in Figure 10. @@ -337,7 +342,8 @@ At the time of the next software inventory cycle, when the targeted clients rece 4. In Resource Explorer, navigate to Software\\File Details to view the inventoried catalog files. -> **Note**  If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan. +>[!NOTE] +>If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index 781b9fd9be..5c089e58ac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -1,6 +1,6 @@ --- title: Deploy WDAC policies via Group Policy (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 0b5a8c1c75..176f9a041b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -1,6 +1,6 @@ --- title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -27,7 +27,8 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. Using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. + +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. By using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps as defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -37,7 +38,7 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( 4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. + - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. ![Configure WDAC](images/wdac-intune-wdac-settings.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 7d5a20d2d6..ea8808ca7f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Enforce Windows Defender Application Control (WDAC) policies (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Learn how to test a Windows Defender Application Control (WDAC) policy in enforced mode by following these steps in an elevated Windows PowerShell session. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 022007f730..e702402c80 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Manage packaged apps with WDAC (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index ef1a7fdc46..ef6e327975 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Merge Windows Defender Application Control policies (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. Learn how with this guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 22a50b0c24..74f69040e8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -1,6 +1,6 @@ --- title: Query Application Control events with Advanced Hunting (Windows 10) -description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index e35f247793..76cec7912f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -1,6 +1,6 @@ --- title: Use code signing to simplify application control for classic Windows applications (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index bb2b9834f3..5e852821b5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -1,6 +1,6 @@ --- title: Use the Device Guard Signing Portal in the Microsoft Store for Business (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 2151bc0de5..c5bb40be7e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -1,6 +1,6 @@ --- title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: @@ -44,7 +44,7 @@ $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -A New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` -As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specifed application: +As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: ``` $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index d4aae3c31c..7cfd7c2c0d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -1,6 +1,6 @@ --- title: What's new in Windows 10, versions 1507 and 1511 (Windows 10) -description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile. +description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 (versions 1507 and 1511) and Windows 10 Mobile. ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6 ms.reviewer: ms.prod: w10 @@ -143,7 +143,7 @@ The logon event ID 4624 has been updated to include more verbose information to A list of all of the groups in the user's token. 6. **RestrictedAdminMode** String: yes or no If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. - For more info on restricted admin mode, see [Restricted Admin mode for RDP](http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). + For more information about restricted admin mode, see [Restricted Admin mode for RDP](https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). ##### New fields in the process creation event @@ -216,7 +216,8 @@ Some things that you can check on the device are: - Is BitLocker Drive Encryption supported and enabled? - Is SecureBoot supported and enabled? -> **Note**  The device must be running Windows 10 and it must support at least TPM 2.0. +>[!NOTE] +>The device must be running Windows 10 and it must support at least TPM 2.0. [Learn how to deploy and manage TPM within your organization](/windows/device-security/tpm//trusted-platform-module-overview). @@ -279,8 +280,8 @@ Enterprises have the following identity and management choices. | Grouping | Domain join; Workgroup; Azure AD join | | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - > **Note**   -With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). +>[!NOTE]   +>With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). ### Device lockdown diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 4a42f3e98b..f27cc65739 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -1,6 +1,6 @@ --- title: What's new in Windows 10, version 1607 (Windows 10) -description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile. +description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 (version 1607) and Windows 10 Mobile. keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] ms.prod: w10 ms.mktglfcycl: deploy