From 0943e65daeca3fd182ae64e02469b69c57559cd4 Mon Sep 17 00:00:00 2001 From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com> Date: Tue, 20 Feb 2018 11:39:22 +0100 Subject: [PATCH 01/17] Update online-deployment-surface-hub-device-accounts.md Updated documentation for: new azure AD PowerShell module update 2 commands for Skype Improved prereq with download link. --- ...-deployment-surface-hub-device-accounts.md | 40 +++++++++++++------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md index 6dc990e855..f8dd53e34e 100644 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md @@ -25,7 +25,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow Be sure you have the right permissions set to run the associated cmdlets. ```PowerShell - Set-ExecutionPolicy Unrestricted + Set-ExecutionPolicy RemoteSigned $org='contoso.microsoft.com' $cred=Get-Credential admin@$org $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection @@ -70,37 +70,52 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow ``` 5. Connect to Azure AD. - + + You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : + + ```PowerShell + Install-Module -Name AzureAD + ``` You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. ```PowerShell - Connect-MsolService -Credential $cred + Import-Module AzureAD + Connect-AzureAD -Credential $cred ``` 6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. ```PowerShell - Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -PasswordNeverExpires $true + Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration" ``` 7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online). - Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant. + Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*). + Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. ```PowerShell - Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation "US" - Get-MsolAccountSku - Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense + Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" + + Get-AzureADSubscribedSku | Select Sku*,*Units + $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $License.SkuId = SkuId You selected + + $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses + $AssignedLicenses.AddLicenses = $License + $AssignedLicenses.RemoveLicenses = @() + + Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses ``` 8. Enable the device account with Skype for Business. + If you do not have the Skype for Business Powershell module installed, you can download it [here](http://go.microsoft.com/fwlink/?LinkId=294688). - Start by creating a remote PowerShell session from a PC. ```PowerShell - Import-Module LyncOnlineConnector + Import-Module SkypeOnlineConnector $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber ``` @@ -108,12 +123,13 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*): ```PowerShell - Get-CsOnlineUser -Identity ‘alice@contoso.com’| fl *registrarpool* + (Get-CsTenant).TenantPoolExtension ``` OR by setting a variable ```PowerShell - $strRegistrarPool = (Get-CsOnlineUser -Identity ‘alice@contoso.com’).RegistrarPool + $strRegistrarPool = (Get-CsTenant).TenantPoolExtension + $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1) ``` - Enable the Surface Hub account with the following cmdlet: From 5f40eb058946949aca8ad3e340242ce65b603214 Mon Sep 17 00:00:00 2001 From: Eric Scherlinger <35633680+ericsche@users.noreply.github.com> Date: Tue, 20 Feb 2018 18:14:39 +0100 Subject: [PATCH 02/17] Update hybrid-deployment-surface-hub-device-accounts.md Updated for Azure AD plus optimized some commands --- ...-deployment-surface-hub-device-accounts.md | 117 +++++++++++------- 1 file changed, 72 insertions(+), 45 deletions(-) diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index 1281d6ae51..7eb0a87af9 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -38,11 +38,11 @@ Use this procedure if you use Exchange on-premises. -3. Enable the remote mailbox. +2. Enable the remote mailbox. Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet. - ```ps1 + ```PowerShell Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room ``` >[!NOTE] @@ -54,7 +54,7 @@ Use this procedure if you use Exchange on-premises. > >msExchRecipientTypeDetails = 8589934592 -2. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online. +3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online. 4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365. @@ -62,8 +62,8 @@ Use this procedure if you use Exchange on-premises. The next steps will be run on your Office 365 tenant. - ```ps1 - Set-ExecutionPolicy Unrestricted + ```PowerShell + Set-ExecutionPolicy RemoteSigned $cred=Get-Credential -Message "Please use your Office 365 admin credentials" $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $sess @@ -77,13 +77,13 @@ Use this procedure if you use Exchange on-premises. If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - ```ps1 + ```PowerShell $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false ``` Once you have a compatible policy, then you will need to apply the policy to the device account. - ```ps1 + ```PowerShell Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id ``` @@ -91,31 +91,44 @@ Use this procedure if you use Exchange on-premises. Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - ```ps1 + ```PowerShell Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!' ``` 7. Connect to Azure AD. + You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : + ```PowerShell + Install-Module -Name AzureAD + ``` + You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. - ```ps1 - Connect-MsolService -Credential $cred + ```PowerShell + Import-Module AzureAD + Connect-AzureAD -Credential $cred ``` - 8. Assign an Office 365 license. The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account. + + You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant. + Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*). - - ```ps1 - Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US' - Get-MsolAccountSku - Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense + ```PowerShell + Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" + + Get-AzureADSubscribedSku | Select Sku*,*Units + $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $License.SkuId = SkuId You selected + + $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses + $AssignedLicenses.AddLicenses = $License + $AssignedLicenses.RemoveLicenses = @() + + Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses ``` Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid). @@ -144,25 +157,25 @@ The following table lists the Office 365 plans and Skype for Business options. 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment. - ```ps1 - Import-Module LyncOnlineConnector + ```PowerShell + Import-Module SkypeOnlineConnector $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber ``` 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - ```ps1 + ```PowerShell Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName ``` If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - ```ps1 + ```PowerShell Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool* ``` -2. Assign Skype for Business license to your Surface Hub account. +3. Assign Skype for Business license to your Surface Hub account. Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device. @@ -215,10 +228,10 @@ Use this procedure if you use Exchange online. Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets. - ```ps1 - Set-ExecutionPolicy Unrestricted + ```PowerShell + Set-ExecutionPolicy RemoteSigned $cred=Get-Credential -Message "Please use your Office 365 admin credentials" - $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection + $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $sess ``` @@ -228,13 +241,13 @@ Use this procedure if you use Exchange online. If you're changing an existing resource mailbox: - ```ps1 + ```PowerShell Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) ``` If you’re creating a new resource mailbox: - ```ps1 + ```PowerShell New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) ``` @@ -246,13 +259,13 @@ Use this procedure if you use Exchange online. If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - ```ps1 + ```PowerShell $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false ``` Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. - ```ps1 + ```PowerShell Set-Mailbox 'HUB01@contoso.com' -Type Regular Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id Set-Mailbox 'HUB01@contoso.com' -Type Room @@ -264,7 +277,7 @@ Use this procedure if you use Exchange online. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - ```ps1 + ```PowerShell Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" ``` @@ -294,24 +307,38 @@ Use this procedure if you use Exchange online. 7. Connect to Azure AD. + You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : + + ```PowerShell + Install-Module -Name AzureAD + ``` You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. - ```ps1 - Connect-MsolService -Credential $cred + ```PowerShell + Import-Module AzureAD + Connect-AzureAD -Credential $cred ``` 8. Assign an Office 365 license. The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account. - Next, you can use `Get-MsolAccountSku` to retrieve a list of available SKUs for your O365 tenant. + Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - Once you list out the SKUs, you can add a license using the `Set-MsolUserLicense` cmdlet. In this case, `$strLicense` is the SKU code that you see (for example, *contoso:STANDARDPACK*). + Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - ```ps1 - Set-MsolUser -UserPrincipalName 'HUB01@contoso.com' -UsageLocation 'US' - Get-MsolAccountSku - Set-MsolUserLicense -UserPrincipalName 'HUB01@contoso.com' -AddLicenses $strLicense + ```PowerShell + Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" + + Get-AzureADSubscribedSku | Select Sku*,*Units + $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense + $License.SkuId = SkuId You selected + + $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses + $AssignedLicenses.AddLicenses = $License + $AssignedLicenses.RemoveLicenses = @() + + Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses ``` Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid). @@ -323,22 +350,22 @@ In order to enable Skype for Business, your environment will need to meet the [p 1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC. - ``` - Import-Module LyncOnlineConnector + ```PowerShell + Import-Module SkypeOnlineConnector $cssess=New-CsOnlineSession -Credential $cred Import-PSSession $cssess -AllowClobber ``` 2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - ``` + ```PowerShell Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName ``` If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - ``` + ```PowerShell Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool* ``` @@ -368,7 +395,7 @@ For validation, you should be able to use any Skype for Business client (PC, And To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run: -``` +```PowerShell Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName ``` @@ -383,7 +410,7 @@ In a hybrid Skype environment, you have to create the user on-premises first, th In order to have a functional Surface Hub account in a Skype hybrid configuration, create the Skype account as a normal user type account, instead of creating the account as a meetingroom. First follow the Exchange steps - either [online](#exchange-online) or [on-premises](#exchange-on-premises) - and, instead of enabling the user for Skype for Business Online as described, [enable the account](https://technet.microsoft.com/library/gg398711.aspx) on the on-premises Skype server: -``` +```PowerShell Enable-CsUser -Identity 'HUB01@contoso.com' -RegistrarPool "registrarpoolfqdn" -SipAddressType UserPrincipalName ``` From 4922fc4dfe824d5f398c913e1806d94aa3e8d858 Mon Sep 17 00:00:00 2001 From: Zach Dvorak Date: Tue, 20 Feb 2018 14:19:35 -0800 Subject: [PATCH 03/17] Update upgrade-readiness-additional-insights.md Removed a line due to policy change. --- .../deployment/upgrade/upgrade-readiness-additional-insights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 5c45338c1d..858aed34fc 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md @@ -18,7 +18,7 @@ This topic provides information on additional features that are available in Upg The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. > [!NOTE] -> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. +> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. ### Install prerequisite security update for Internet Explorer From ea8569bf2862cd826e5823c10727c70845336c66 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 20 Feb 2018 22:26:50 +0000 Subject: [PATCH 04/17] Merge endpoints-typo to master --- windows/configuration/manage-windows-endpoints-version-1709.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/configuration/manage-windows-endpoints-version-1709.md b/windows/configuration/manage-windows-endpoints-version-1709.md index 1c52da910b..1ce981a341 100644 --- a/windows/configuration/manage-windows-endpoints-version-1709.md +++ b/windows/configuration/manage-windows-endpoints-version-1709.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high author: brianlic-msft -ms.author: brianlic-msft +ms.author: brianlic ms.date: 11/21/2017 --- # Manage Windows 10 connection endpoints @@ -318,7 +318,6 @@ If you turn off traffic for these endpoints, users won't be able to save documen | system32\Auth.Host.exe | HTTPS | outlook.office365.com | The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. -ently used documents. | Source process | Protocol | Destination | |----------------|----------|------------| From 5df2df1d76162ced61274a4d771d14e528bdbe3b Mon Sep 17 00:00:00 2001 From: Ryan Bijkerk Date: Wed, 21 Feb 2018 12:43:03 +0100 Subject: [PATCH 05/17] Update mandatory-user-profile.md The package also needs to be removed for all users otherwise the error will remain during the sysprep. --- windows/client-management/mandatory-user-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index e77a3132db..675af55231 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -89,7 +89,7 @@ First, you create a default user profile with the customizations that you want, >![Microsoft Bing Translator package](images/sysprep-error.png) - >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. + >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. From a58bfa63afd8b14dbfb378490db586926957f40f Mon Sep 17 00:00:00 2001 From: Michael Gruben-Trejo Date: Wed, 21 Feb 2018 06:53:25 -0800 Subject: [PATCH 06/17] Use Full Path for Security Options Previously, the path to "Security Options" was defined as `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options`. However, there is no such path. There is a path `Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options`, at which interactive logon settings may be found. Accordingly, add `Policies` to the path to complete the path. --- ...ve-logon-prompt-user-to-change-password-before-expiration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md index 86e3a1b15f..b32948c986 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md @@ -34,7 +34,7 @@ The **Interactive logon: Prompt user to change password before expiration** poli ### Location -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options +Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options ### Default values From e8864b39a9690847886651ec8d97fab174112c61 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 21 Feb 2018 17:05:24 +0000 Subject: [PATCH 07/17] Merged PR 5953: Update link, ms.date, change history Surface Hub --- devices/surface-hub/change-history-surface-hub.md | 2 ++ .../hybrid-deployment-surface-hub-device-accounts.md | 2 +- .../online-deployment-surface-hub-device-accounts.md | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index efa2e4ddcf..b82d427482 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -21,6 +21,8 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac New or changed topic | Description --- | --- [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Updated instructions for custom settings using Microsoft Intune. +[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts. +| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts. ## January 2018 diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index 7eb0a87af9..de3ffd59ee 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 10/20/2017 +ms.date: 02/21/2018 ms.localizationpriority: medium --- diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md index f8dd53e34e..6a314c317a 100644 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 08/29/2017 +ms.date: 02/21/2018 ms.localizationpriority: medium --- @@ -110,7 +110,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow ``` 8. Enable the device account with Skype for Business. - If you do not have the Skype for Business Powershell module installed, you can download it [here](http://go.microsoft.com/fwlink/?LinkId=294688). + If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). - Start by creating a remote PowerShell session from a PC. From aff295986489ef8325cedafb8b67054ce6fe7e15 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 21 Feb 2018 20:28:44 +0000 Subject: [PATCH 08/17] Merged PR 5958: New Display policies added to Policy CSP --- ...ew-in-windows-mdm-enrollment-management.md | 9 + .../policy-configuration-service-provider.md | 9 + .../mdm/policy-csp-display.md | 187 +++++++++++++++++- 3 files changed, 204 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 8fdf97effb..05aa518a5f 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1403,6 +1403,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware + +[Policy CSP](policy-configuration-service-provider.md) +

Added the following new policies for Windows 10, next major update:

+
    +
  • Display/DisablePerProcessDpiForApps
    • +
  • Display/EnablePerProcessDpi
    • +
  • Display/EnablePerProcessDpiForApps
    • +
      + [VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)

      Updated the XSD and Plug-in profile example for VPNv2 CSP.

      diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 07dec60956..3791a903e5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -943,6 +943,15 @@ The following diagram shows the Policy configuration service provider in tree fo ### Display policies
      +
      + Display/DisablePerProcessDpiForApps +
      +
      + Display/EnablePerProcessDpi +
      +
      + Display/EnablePerProcessDpiForApps +
      Display/TurnOffGdiDPIScalingForApps
      diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index fbfc7878d5..481bc438d3 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,12 +6,14 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/30/2018 +ms.date: 02/05/2018 --- # Policy CSP - Display +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
      @@ -19,6 +21,15 @@ ms.date: 01/30/2018 ## Display policies
      +
      + Display/DisablePerProcessDpiForApps +
      +
      + Display/EnablePerProcessDpi +
      +
      + Display/EnablePerProcessDpiForApps +
      Display/TurnOffGdiDPIScalingForApps
      @@ -28,6 +39,180 @@ ms.date: 01/30/2018
      +
      + + +**Display/DisablePerProcessDpiForApps** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      check mark4check mark4check mark4check mark4check mark4cross markcross mark
      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
      + + + +This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value. + + + + + + + + + + + + + +
      + + +**Display/EnablePerProcessDpi** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      check mark4check mark4check mark4check mark4check mark4cross markcross mark
      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
      + + + +Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until you log out and back in to Windows. + +When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. + +Be aware of the following: + +Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display that has the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. + +Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. + +In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled. + +Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system. + + + +The following list shows the supported values: + +- 0 - Disable. +- 1 - Enable. + + + + + + + + + + + +
      + + +**Display/EnablePerProcessDpiForApps** + + + + + + + + + + + + + + + + + + + + + +
      HomeProBusinessEnterpriseEducationMobileMobile Enterprise
      check mark4check mark4check mark4check mark4check mark4cross markcross mark
      + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
      + + + +This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value. + + + + + + + + + + + + +
      From 667bdfe3ed40c3655ede4cde1cae30f2d1d57a60 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 13:56:23 -0800 Subject: [PATCH 09/17] added Failure audit recommendation for security group management --- .../auditing/audit-security-group-management.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 6f5966a3e8..20caac1504 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -31,9 +31,9 @@ This subcategory allows you to audit events generated by changes to security gro | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
      We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| **Events List:** From 68c0ed8af8ebefc736d8a48eb7d9c5757afea3e5 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 14:04:05 -0800 Subject: [PATCH 10/17] added change history --- .../threat-protection/change-history-for-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 4fd99aa471..3355ac2827 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc New or changed topic | Description ---------------------|------------ [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline. +[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. ## January 2018 |New or changed topic |Description | From 4d52270ef7bf28272a70dbc31d23344ff55500c1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 14:25:00 -0800 Subject: [PATCH 11/17] added change history --- .../threat-protection/change-history-for-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 3355ac2827..4c10382574 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -17,7 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc New or changed topic | Description ---------------------|------------ [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline. -[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. +[Audit security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. ## January 2018 |New or changed topic |Description | From 718eb8f492976ee7607443f51b2634521e348437 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 17:03:32 -0800 Subject: [PATCH 12/17] added new bypass xml --- ...oy-windows-defender-application-control.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index 1475541a41..be8ccb2590 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -147,6 +147,7 @@ Microsoft recommends that you block the following Microsoft-signed applications + @@ -437,7 +438,18 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + + + + + + + + + + + @@ -480,6 +492,7 @@ Microsoft recommends that you block the following Microsoft-signed applications + @@ -754,6 +767,14 @@ Microsoft recommends that you block the following Microsoft-signed applications + + + + + + + + From 494057030a7a36b49225852e27922765954e9e3a Mon Sep 17 00:00:00 2001 From: Zach Dvorak Date: Thu, 22 Feb 2018 11:40:26 -0800 Subject: [PATCH 13/17] Update upgrade-readiness-requirements.md Updating to indicate that UR works in all OMS regions. --- windows/deployment/upgrade/upgrade-readiness-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index aaea599116..023c8405c5 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -82,7 +82,7 @@ Before you get started configuring Upgrade Anatlyics, review the following tips **Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. -**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. +**In-region data storage requirements.** Windows diagnostic data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. Upgrade Readiness is supported in all OMS regions; however, selecting an international OMS region does not prevent diagnostic data from being sent to and processed in Microsoft's secure data centers in the US. ### Tips From 0eef4033d6ee995f3c0e49281696a891d729e51e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 22 Feb 2018 19:59:00 +0000 Subject: [PATCH 14/17] Merged PR 5975: Added another three codes to known fixes Added another three codes to known fixes, from a customer report. --- .../resolve-windows-10-upgrade-errors.md | 37 ++++++++++++++++++- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 16de770ebb..d3d5edf9a2 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 01/26/2018 +ms.date: 02/22/2018 ms.localizationpriority: high --- @@ -657,7 +657,7 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
      Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. -
      See the following general troubleshooting procedures associated with a result code of 0x800xxxxx: +
      See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:

      @@ -694,6 +694,39 @@ This error has more than one possible cause. Attempt [quick fixes](#quick-fixes) + + + + + - - - - - -
      + +
      Code +
      + +0x80073BC3 - 0x20009
      +0x8007002 - 0x20009
      +0x80073B92 - 0x20009 + +
      + +
      +
      Cause +
      + +The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria. + +
      +      		 + + +
      Mitigation +
      + +These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition. + +
      +
      + + + +
      Code
      From 210971689632c35179eb65e24f6c5d9907da87fd Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 22 Feb 2018 23:57:57 +0000 Subject: [PATCH 15/17] Merged PR 5981: AssignedAccess CSP - added new settings and examples --- .../mdm/assignedaccess-csp.md | 607 +++++++++++++++++- .../mdm/assignedaccess-ddf.md | 87 ++- .../provisioning-csp-assignedaccess.png | Bin 16260 -> 9869 bytes ...ew-in-windows-mdm-enrollment-management.md | 22 +- 4 files changed, 687 insertions(+), 29 deletions(-) diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md index fb0f0a1d5b..99f4d3a1a1 100644 --- a/windows/client-management/mdm/assignedaccess-csp.md +++ b/windows/client-management/mdm/assignedaccess-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/03/2017 +ms.date: 02/22/2018 --- # AssignedAccess CSP @@ -70,6 +70,53 @@ Supported operations are Add, Get, Delete, and Replace. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout). +**./Device/Vendor/MSFT/AssignedAccess/Status** +Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload. + +In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. + +|Status |Description | +|---------|---------|---------| +| KioskModeAppRunning | This means the kiosk app is running normally. | +| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. | +| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. | + +Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. + + +|Status code | KioskModeAppRuntimeStatus | +|---------|---------| +| 1 | KioskModeAppRunning | +| 2 | KioskModeAppNotFound | +| 3 | KioskModeAppActivationFailure | + + +Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error. + +Supported operation is Get. + +**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher** +Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema. + +**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration** +Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema. + +By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node. + +Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. + +This MDM alert header is defined as follows: + +- MDMAlertMark: Critical +- MDMAlertType: "com.microsoft.mdm.assignedaccess.status" +- MDMAlertDataType: String +- Source: "./Vendor/MSFT/AssignedAccess" +- Target: N/A + +> [!Note] +> MDM alert will only be sent for errors. + + ## KioskModeApp examples KioskModeApp Add @@ -160,32 +207,29 @@ KioskModeApp Replace elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" + xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config" targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config" > - - - - - - + + + + + - - - - - - - - - - - + + + + + + + + @@ -193,6 +237,10 @@ KioskModeApp Replace + + + + @@ -235,22 +283,64 @@ KioskModeApp Replace - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + ``` ## Example AssignedAccessConfiguration XML @@ -560,3 +650,480 @@ Example of the Delete command. ``` + +## StatusConfiguration XSD + +``` syntax + + + + + + + + + + + + + + + + + + + + +``` + +## StatusConfiguration example + +StatusConfiguration Add OnWithAlerts + +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + chr + + + + + OnWithAlerts + + ]]> + + + + + + +``` + + +StatusConfiguration Delete +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + + + + +``` + +StatusConfiguration Get + +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + + + + +``` + +StatusConfiguration Replace On + +```syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration + + + chr + + + + + On + + ]]> + + + + + + +``` + +## Status example + +Status Get +``` syntax + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/Status + + + + + + +``` + +## ShellLauncherConfiguration XSD + +``` syntax + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## ShellLauncherConfiguration examples + +ShellLauncherConfiguration Add +``` + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/ShellLauncher + + + chr + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + +``` + +ShellLauncherConfiguration Add AutoLogon +``` + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/ShellLauncher + + + chr + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + +``` + +ShellLauncherConfiguration Get +``` + + + + 2 + + + ./Device/Vendor/MSFT/AssignedAccess/ShellLauncher + + + + + + +``` + +## AssignedAccessAlert XSD + +```syntax + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 564378ac63..4d6da38792 100644 --- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -7,12 +7,15 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 02/22/2018 --- # AssignedAccess DDF +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML. You can download the DDF files from the links below: @@ -20,7 +23,7 @@ You can download the DDF files from the links below: - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) -The XML below is for Windows 10, version 1709. +The XML below is for Windows 10, version 1803. ``` syntax @@ -48,7 +51,7 @@ The XML below is for Windows 10, version 1709. - com.microsoft/1.1/MDM/AssignedAccess + com.microsoft/2.0/MDM/AssignedAccess @@ -111,6 +114,84 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu + + Status + + + + + This read only node contains kiosk health event xml + + + + + + + + + + + + + + text/plain + + + + + ShellLauncher + + + + + + + + This node accepts a ShellLauncherConfiguration xml as input. Please check out samples and required xsd on MSDN. + + + + + + + + + + + + + + text/plain + + + + + StatusConfiguration + + + + + + + + This node accepts a StatusConfiguration xml as input. Please check out samples and required xsd on MSDN. + + + + + + + + + + + + + + text/plain + + + ``` diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png index c8db9ee05950a8433af51bb4d0fd7e7375900567..b1ebee57d9d6b1070bfd6fee0dcf84691277910e 100644 GIT binary patch literal 9869 zcmb_?cU+Urwr&s=MWjiQt^uTj^bUfF^xmW+C`i}PJBmmLL+>a>YCxohs?tK2-UL1& z^d+k2niJ->U;Is5!Ucr%$XqQaFdXh5Cj6F}w}nAD)Z0f;_0SkA4OCa@j^sO%4PqkGXO3;BwtFCcII(RwVY^1%}m#r?V36G=u;RO=!R%i%`ji<#&cD>E0RCIEqk-_pZp z8@ybcnsDttd@`cAeGP`m>iLl~$UUi5frE{KEcGm}g&)BcfP4{ZK=Lri9Iax|BtDRO zx&Uw9b6R*)aB|ekl;xClu+}B)f&_scJg0{TU>CmGZ{b!t#~AmVX5X-AC3V2}NqkR7 z@)xu5K!NXb!DsG=Ye^coul4q~V(AuO*aZ;C?Mvv%D8e|viNT6b-8-^Qclb&UZ`$$^ zFhKJ*yg$PkHy5=r)9d}c(nca91!wkTJkml5UtOz($w~mR{9YYxpV~XRKvvaUsWB-zMlLLP?bU+W&s~F)E#>$zMH9on0M&H1APO7&(IYy0Y1C=Gt%CFtv8GtO1PUuOUv1P zO)ioVe2*GpwVn31*Q|=Z#$|m6Zp@{swjOnFt-;-jgX)uvsi(X_VV1_^_;L9ZN8u`$ z&+KWIIj=t%f*b^TeFyBEk#RV&CcC>ifd9xnYFnSL_$CL91@mJbY^=%I3ej2$7BpYW z73uHvISM=GHUH%_H_xGCXO=SR0a`Wy=WOJ%x_1fm;C}TFq|1`(n)KFH=@(De(wEs3 z=%W31Wu`1BmeXXab0p(O_-nqC6;-fMI){IQ56R{JvNWE-d(Q3mk)$Rmnr9r$XB0W( zRg+`Z*Zk_Tjhh zKr%%vUrLBXb>--kzvqt|xyR78RiGngv`JgSvA*;(PeoZ4qEY9$5eM^8RXT~qS;egr z&d0iD%sEfDlOdzyudPH5PJhef-OAVE52Xj);Wi#NeLNk}SifVj&6AK51@VXdb!$(} z@!zm*hn;fp|7Z#Frw){i3@z7&Nx-KhJ zc3sV-u0Be|!4YL^Co^3$E;^QILn!0qAyEX|Xge8rO7Efcvhr~7EP;!s$2c~ADb&Px zG?Gu-Aa?;vh%oepFO`1xEH|2e*_c^!Aezh~4!VT)(E)eJr5g21X zR@&&h>b1o$$uZil+kFDSxZ2E~70$BMx(R2dBCb3CJW%os!J*|9>Pl%Y_;e*~lA*BGuR55Qc{n{MHbxc=` zg8y`r9kMY)`s2J^aRB_VN1`aH`FhVb5g!7yxM=zte)Uyk`5`TM834mo;KW2lMPUz9 zOr3G9_0Mk2K^uQc?hhC;7U6@2U+JR5>piyo54Mp3J|3b0$?51vrnmXBj#}DOb{^A% z-ro}g#~i@6F~=LSXV_(p0dXbF@CV1{fa4UwjiFiI07qU55U2o89BfchRu%xjEMOG7 zDF$X@SniZx4bm=w;0wsb_^?@in(EGms zW*27C!;Pt$vC+{|(|YSBQp$UgBO`ilc)ti1K<{aRS<=`rk{+ABdwbLyB-R==v(hp? z=mnjApMat_s){q2;<>zm`aW0yc-O|t($?@n??p+ys6~{}5wpHti|Z@Y(Xz)RApvOI zS51NP!`|KK6~VIf`WIO2#?+!b9%%V0c=vG>NRte*Ueq6F{9ae(9tM=FNxm zLmRgOOp(^5w?Tp0fY`TO|9W&Dw=9={=pv0deYH@mvRH=)V!sOacv1^C@OjCt?%lIJ z!EA4Dzc>iAgMju>@L9KcB1z_{!Irg}qLx4Qh@`(Kqse6{8W{)zVIH7OZzrNgHV%3w zhJ1Nvq&HI3ZLFIO#0n2vw$05>Vad%v*qSE*miq~EIx=S7@Z!X9ON2pSuKPT=n9oRS z(AR4rteiV3z4k^#BsH3_%PAshFc3RFF!y7ybHIJ$;UtX|Dl} z$ZU_DtKFk3Vk#X}zHsW&QAQq~ekv-}$*G8&nE_%aIaq=UYrPBMG-a8_T3{xrW{HEJ zui}my=v-?d*&`j6-yc_EU&cFxsdK}$_Ns!}a=+Wsgbk%DTQNgT8R-m4(sdYDW~scs z+D#9jC+aIZ&!z7G(({QO?K7ZgkmfZo-@LiH>2|yc4;bTN&kW<&w^ZIvhnMqM$2o+x zhDzm(93X4_9Hcq-)e5hU<(qj8$|w)m;Rakk2SekqCze6yr|wuqCJv%_jZ%<9Fe183 zhnf8%xdnz;Fx`o}mCSsk$QYrWo{dbZ($O_aR^!J)g~Qlg%b*a2HIODTnCXh!(KFGP zdUl2h>%98V$Ym-c)@szP5`Lc_@Q&>+1{&%z5sylTCj+_e%H|HgPKMF~M9&7qcXY0T zP=P1~h`rO|QrTIQM+`BkLY!8~(uk6B)N@GbTjd&zJ0YaBJ1(Xe5sE-$G=j~ZOxR@% z>~{S8ILgDFI;<>=i{U)kvbk6Uned@}vZvq%#cIcx;Bi|j$6T93m}Kbw4@svxn?1LX zg`Y#aqnh2q=+iKtN4m=Q6z@1D^7N!tE>Y7-ZPjQX%F5E7;enn$Kr_oXWmowfT@bCI z-Y8aG28HpbVu!e?eqZmyTP`>8Kwc+OV_kK1yK_GN17T9}H*81qLisYr!b>2~cfnBlZ$SWl zat5L9N&(3FUf|zsct~;B)fIj?rxSRJge`Od!~mHLqP+wT`9-9KM(B4R$FaQG%^a%O zDn%etBCfx`dk1!{{{?gt=cp;~eZHwsdRhXY_Z^sa+#T3+@WpbJ)Lx@LgaJKCz-+?T z!6ElvpRYE3m?e}x_1bx7Oy*8&IbFsL$FdjWw*5cWde-*|*#J=&zebj$_W3+EdA1@o zJj|9M`Eypq4g2T_6Kj5E$puO3#N3niR~b%TNxQr-Tf>duVWB_cRNtbi8lrSW70^w7 z3w|vlbSi0VFyXD>h4RTJ=HE*bybewZ@()gpvxM_8Y3dnJXDW6l#5mKBmx(N-v0&y2 zN|h^4ScU(V7}<#0V|G%A3j51#_o`|2@Mfum_X~!$$u2tkaD^!3kRi8CvAo_IfE~Hn z3PTG3S~&J4wpc-KA%1?xKZCqj#Qq3Xhk;bS!27)ZDv`tH+g4Rs9Y+)Jq7#p zn`-|@ZNE5i1ymDa(6 zN%8GvEi#OBzqfO?i*ENQS;I34T#ScnXaF}kC zTub{=RGD3a%lY1rSws| zwjz%uin(E^=kRtQ06Q&|NZRmscH&1fhfhMK2906K*A#B_=t3STztPrxmNXTVK$Kv~ zp;8kgsp3_7Wr%oNca(JX{t5+k5|MGGe7#grsK%Ul@Jb;}r=T&Zto7EkF*Smc%M_nQ{)Z6nck)T9ikXPuXu2KbFYlA)GX(+=hs=%9|KTISdeP zh{*dhx#fx;X{iZB2vuL@`H~?oAt~t1MMrRP^l_>k!19^y8YpKpfrVI;{vO$gA<5LZc4^ieC1Xyj0~p(puU z+HG*Zr@T}yB90z1elwz|0rMvI19yq#%DZaz=VhT+GpmhkR4BGVZ7o!Y?^%=5qVsAR zP*c6UV{yOm-R|Q~_6ClI1kZdcybIX2o2VE^j%gXn`hG71j|g0bA7^W`tbRf>KMT)& zrj;PmX;fB4DSfejcoyS^1e3x{Q}!VzY|TLJC7)3%PoK z6zkSpUfG~=d225M7@(jnIOa-8MJ;*+n;OJrpdD;3(;)FhQ%~TCMgjg6nz%yOg{ zH(^VqpGTQm+wipDwmrX7gg_c}elj{zIUTzV%4>OqyX+i1*!S*bxnzou^`6dSL7E@l zPyz3WNGlMq3DsCs(xQnMSD|@Ib9y=!e#?Ge!rrH6g}stu(J;sh)RXYxu_E9b?aklr-Kz-tuPR&YvOAeSr5lzr%c8umbld*_S zm$IKtTBBUjapW_4Q%+r#?-*oss_y=CGy2D1QRt9VsfJBtx*e?zB(uudb$xtNxW;et zY;KMA4^E$sP0f1m4{fW4p%^NPLQSgFBCeRQV0!qzy3yqCihmv2S?lBu2A6$0r~{DY zV)nD0&A|Y#pMx4^r*j6*{?Zni-rLz8_N6-E35H*TS3Nx?VK#b$DjT`;cVL0u=ZF%w z*X@*eV@UVK2MJy(uk4?-&i&vqDh>4sIQ}pbg!pI5`!gK(4C!PWA?49d7*S?VDlSBJ-v16<1>)QpExv8OZjdpYgo}{!c6mp%U}*Tc zTEW5e4lMup=%<%`A{t(wiOMYBY8wME_<|y+CZj|}jam}<(%$zUJ&lEwHVg3_Z#>r< zn9Z=hndFZ!RzAtIbI)je&3|@U)q4T1hon{kMULuZUj1_D1jWlHQt3U`Xl{g+hH;1c z_Pg1qk$p7g?XL+V_P@wKzy7#n-0zL__XgPH5y+Q;kin}+3 zuRXcdw@BisJ14w0%{8o3%VtwdTTD1(x6usb#<~2rd&>yT=t!Jk0 zXSGz}wxJtz&#K&9g{oxqiPgEdW_NGM;rO{reoC!(W~98S1xg?-9w|ihfBZPNJ!X`L z?p}y~%A*NBiC$%4g-BcGW-l1;tz60pEk{E848jfj`jkD|+$TMwh)tCsfxid#Wx_n=*(?>_AYHAjbJx`$SThNxFu05xA_n|XRzoXVrYVj6d zJ0>3vyL=Hd`Qpaj5${+$Mz zY!siL_hAr;EI8L_QT7Pkmm#@mxf=H{gjo9YVE!1pVf^^#9z1GF8xe9^-4yVJ})I)5LK|jqCyIg>CF-02nKg;UnR~CQy}Y_lN^?EpG=%>}4@1=G8A0c)I{&1*p1A zh0xfFNlJ4`3?Gx3=~PblKDYZO53gY_X2`0dvu7E~_!5Ke3}N(s?(aX7j=zh4G3pdN zwY}FufP+C~JmteoKDeX179t`d7U|#H{GOa<0$wkme+=8nHI3DuSg@PVoKhtmTH0Y7 zb?rurIW^Q_Ty@1pud~D2267Yveg!cl-wFhH)PF!tvjC62CcYR)%eHosan=+>wbgQN zb%P-%=C$9MCtC?hBU9=S#T@hZ$P8z{`DqO$J}+;7)3t{DepFuhjNU#cY$@(Q>2G%K zqt09Gv-}TCJl$Tnf%Wq`$qDe29(0UGAx53r8T-Klb4PmA_vCJ!lSs4mNrtVpw7mHgbCnSqLv@!kKGzsqPW+!_RR5%%L8$+4 z`t_f723+6YU41$NU}7nwKhAU9HX#_Pxb8W6zGcVk?YULuTq=0VMMcMs~P6oXDdywAh-L%bDaq6_a^X_USh(!e@WP0{gF#*$+p* zkq;Qc49klvEY$W%s707>EYxi2)C~T>R#RDigv1ya!xilH#axtZPbAjo{m<>{Zn*E} zNifv|;mM8dvv7U>3|QD9TNZiEUU8%U)Y5#aNtR=8ysqnCFZ9Q+FxxuwI#1v?5CR?u z;K<1I$;D+746CjyJ#>(Hn1pi;7v0huhfx-=S`G1$civKP5Ai_iyp4>9{)`oOS z6sp(csv9iBL(}z*Gm+Rf;x$$uDy5|!Mw&!La!!b&-pwj7tVH?i#`S=s5OOzO3QLzQXv!hP(5+0mGE=IIoBGT`Wj29lXDtoYC}BDyKT7r$?14^ zn9HMo{^xKrCZ(l<1UuGySQci%Wz3pDPQ0 z{+DgBTQ!7?MDv_m;|ix;1ZQ@2hxPR8vWD^%n;WtszomUM4)d5KIcJw&!Ogy&Re~Ph zxYlE(BQksW2Np3pp_R@XNN#yQ(h}KYSmW5~S*zxdPZk3I&|W1Ub0! zVZ!VkV#)S#`Sxy2*KS zptgE8n>^o7>cPq%F-&JH3{y?qdzm41ALuJ0WC}j4v}~-a*VU3hd*RU zPG|6%n-+r;yCt*=HV!|EncH&9W@yM|g4-y(xZ-QsON)HUKPqP3K0})yRGhdLq5)yz zeLDMn7^v~k0+N2Q!_SsvO}sb9Yk(Ro&Hdx(%$?0X;qb>gyHv6k24U$ot@kX|pOqA2 zq^2uS%wwrTwdFd=lwLEI=?Mj}>Bju_(IW6dzO#beZ3ywr^JLJyX)nq{g<(E)N;{9z zek6dR%%d_)*oPb$S1Y$23Ds-#W!D@RGpr7kay0KAmP0S@XI}lQ>3GxFl;K+o&vR1X zj4Ss0G0*+jB{8#&{LZtf_O#`um3(~ENK9i~!80cC{?)>Juza;xa=5YJ>aulcgXH>e zs1oEjJ2s>(w;%!cZw9e8hMPzV(@1@fmbwn!0?^j(oEfo%nn=;A7})cDHl;>(d3>Y*XJC`i@@6e2?b+vQP^nS6^hikFWfvztUY zXQoptPJVc=_H*)0!QhT>-$n0plDST>l+cY=^b&XE=E53mq3S=Owx0jPCTu8v*(yYv zM>%g-neMPR&c&V=dRlNXp`K$(sy5Hi)kCY0^O6csZ3$cyxCb7qo{|uL<|U|YIU0~> z6iI0>9NUr`lzzK~3YfS+ZD4W`W)EJfmAQaO0?o)MRMn=Gq#fT!h#SqqBL*uBts#&0 z2VyV`+Bc~kbz^YSyZ>Ef5pdUaUY(_wXNKM8`Sbj5M#cYYxF7_0!JyfqNto_^!06~` zPXfiIKPGcG++;dpMDvaAwE!H^g@*z~*$|*W2$Zb;ob87Xe=r}Y!oK}O5AXhQ=R24? z|B~IO_WT(*bpIU6z^8FN8K_|=nC0;*H?LQfAH)or`>Q*|fPk(@`L*gKP(HetQAioB z;*!yqaM*qHc;dNZ3@>#v_I(~>8YSdob$#)`T*7YFdBQy~r|@&Q=Y|3rh(QHc0W1+x zLa#g;?Ysuz^)oQY?29*uBtIloSWA>MJ3s*x<9yi~^X_QzwC?ndX?Nu0@uEoFx7|bE zI+f_?`F2Z_l$ryjCQ$<;F%NmZ$FWUkq=-~`!!RquwIKYA-EE&4iIKm~0n9XZyRmIN ze+4p{i;NImK(5W^{@G^568dvpl#IvvltDj&C>el{GUqNPHjkyBZ2Bd*$C4HEu02V^ ziJ~f3Ql|H*rLKP;09RhIb-jIka5om_bE9-ITmzvOCfvIQv*vzmvs-JfhzNJ}Ku!av5 z-sIhr{dIn*1a)JQZo!e33Ym~f z8`m^um?_=HG%GI5gmrSg2x85nZ~fuMF*R~?YAgDOxt<0eJ$xzf0`}U&2TlXfmZ`pQ z`xI94)c^%2C?T}KkUEv3?o&4E7D2wB54BerpA;{LNdr&wraDEFzJcErZjAc zEy>Osk09@`nT!tWU$+(~@2%yWpiz)CRSDU)bnU49k(wOmk)TEIB-3Ea&j^s zBkO;L+n2?TTdj`AUm^l5yZjP7u4_UH&SeASfAg;h7&YsEHTvwEHF}Tef{5?|g<&jK3?9?X){XoHW{x@#UF3zm=-^^U>d^2)q#)^o{ zjQ2rgxV)?w3?wEb004lI5EoVi0Dk@Y*-!rc-?n%iRN^N9IVy??0&1qPPk#y^rUEho z06={#)Q3LkPZ`2aT*DCnfF1nr2Q+G1W&{B6VMquID7)!iZi4e8nPLHU#3J)XOwFkle zpv&E+dkRep$tA*JJxyMy3?~jDK(Utj2oA1r$-(qTPMK4@Cw;ZZb(AXr8-y#_3U59~x zC5)gE-ENsZ9v4T5UXwLAvtc2C005_Ta^gg(>8(xQ?pwFkPatKFnS?TDjZ>s=8@nt- zrfozBp~r!Xb9eBHMaZHJBH~)m{76j;IBdF}SLMJsc_qV``bv{))VJPQ--*Yp+WCz0 zI1;-8Aueg?T($W6vli%ZZk&?gIk;bwJ$#)l2oMi|_=}H`KD?JzrI;J*kdW?E5v%UR z=Esma3=J#ck|4QWXGe)`Qj1B;?$XjA?0a;xgO41-#uxr8J%2=a#?Jp2oTEs7;9UXc| z;SNqTmB}s?UDhm@imJw`WdtMtJcb=Iz#`4h#u=k6_?>IP$cH$UVv=JY5s7G!&w771 zIzHFHJ*CdT-FlD2i}0axvkJ_nt65SlAUmeHzeffgBZ7Rpk#m&L^vWz84xiYDqfZE~ z;$>i-LBwyr2PX+iDqf^v6cb9-j_dyNT0!DK^o0S3tjN!wQN|Mr-`t`LBqD#tzdi;J zZ1!$yK8|ndSYN6=$yAq*GWxvCvy&umQ&4PMXY^{O)+!ZcvrOfZa}zAPC^aTnl1w7@ z2;M3uvjPBLk+`zJn9-v6*2=s`s6gDFBY=<{40IJ14z{1Zq^@8 zL-CJ9a5XWnjDA)pjQH~2q(Qc?4hML-WZ3GscOgva`WqVnDTv$)aT==$<`ia<;ZYLk zUVmXj2wlm?NTd9F%tn}dkjfLE+$vmmx6iUbD)3qurbbrgg~Bi)p%&U_9A;*_!MAu{ zE9_>=hHkR@Pp#byIZeik=f^_Ws^~BBwBgH_hP0|1joI}cbay-NkMd{m+I!=A8T*>Y zb-a*isGE&C+OLfYAS4;Fa6?kq-LZMB@hB2tr=DNjl=3OkJ1kk6ukvm*sXd=;yx zhz1SHeP2g%OEX;F-pYEL>fb{~L;%etE*0?^i_6(g>M&3m3&H+aVbC4q)XcG(d}qiH znL9#MQlR6~BPAU50Kt$llUx5?LCaN}k0_`gxRDyQ*Mi#ycKzDz_}F%5?M{GjwPmy+?lMb4-&3@6iwGxqq?((8a+#91yJ|70ZQxGTnpw zW)aZo&p6r%cm9bHF+aR*8P!X*aK@y@%)^4Gdl;fVIO}pzhi(IP;Pubk}q<-O|e@sIW=7ld_oBK`X0nC)grZRFOhJ6(h-0 z2{x8EGWiT6Cq`&<1QssdJ{*q&gYVYO(eMo2qYn-ZmM4$uY`4`~#cS659cc2R1&*4W ztCatbn7Y0EwFY_gkO4z%AkJ{#57VqqvzB_#-gz(WjpR+ z{gG)T1v#nGm|bN#PSdGIcgz+wb({RFL=_9$Dq5MJzGK5%%~hodWjQ=^$8cb0;$z~{ zlJbeIti#Fc<{Xa2GH}2x1QRS3!zQ%0S3_mR7)IuPw^B+@z7A>1<0p7Rhbk{7Z9P7$2>KLG+@9dZx1q%bSCz8;ht_Bs5#{&F< zH@enb5ji9M1rzJVo%zXZ1svifsTn8v(IIoHW?7_=;hJL+Xw0mdTZHFwx^^Z?mny6@ zbj3BaH@Cq5^yLL{%!#y)N5(sF1y?=gTFjI-97S5e5czBQZMEG@xF~ zSn!Gc1tv0LKrfSUB{!PVl~3;DuvDm*p_`?fEKv&HahEcb7MV~PCt5A`Pi3;bU955j zT1(RtYpF4RpIv>Uaia(b(C0fgNXEg9E7vDKLq2al;JLPQ9ipL*Wg;=lpc({a{2X;_ zGec8wBqklIX|rXHGJw|kY~jcOEoaHS+LR=|*WR2vY>{D0j$s(W6)a)tdLSWF4;wwH zDC0LuKCd+M*N6&^vZJM1y41AYzMJz6*o_))@cZU!o`=Wb+y>Jydoh>luYElR>%=BW z;Zq1j(cKrJQ7^e6jfB>Qwm328ncf2j_}Z_Ue$F2N*4iWoGC+{a%rImop7wLHX0VZbDUDdVzsc&r&WWt!uQErQQQxH zCp+1uxfT^k&*NDiRbn;F_IZ4gA6(iJIuC#hc4)FAGK?yPh-e0$&lU@mJ46?I*LM;T z3BSlkAT_yF&{~RG=_S3L@bqs~NH_<#u|~9jo_vTntChWDsU61Ez-Tphf0%*;t8poT zmtJ3JMO~zzr^UXCZnzK&W!@rxX@=!H8jSDUirISbnGj_|RGm+`Q<`FNeV*pSsCRdN zXrV)d71mfAr0_Rf+D0LxGoKP_xe(U0uY){C42wr*Y1X?wPfCS)Wjp0 zxz6506nq`^^iY{Rj$Kk74e@UDnmLL!G%3%hfrv(dQrYj{6bbIv-L8$?P*ja>gSA!{ding2<654TqlHU ztlHyi6p{HmVCpBTkNvmDiBtRs1LJqJN47P~ysS@7QyFu>XH4YVvoQKpPFYzzEJwXr zbKToGaoQ(NVx-_K&r3GTQ`@RIuVG=z7$nj}u?dwQQc6^Isl-C_4=7NuIz@GeXqPTv z$@!8KhME+s-mF7!4x=OXM+p=SWSTD;_*ZFIZ$yYT6!(`(i&xH41SOa>>tdaC>O<~t zg)YaE<9$K=Aty~18!^iiVX2Unx^EYiqV>bIQxyM*j**}b96;Lo=% zNm7Ya2_y4Jj{Gmm!e6X#;VcC;I7BEPYUuF>0xx)gQGCfrXg)%;*aC@iP1?IgJ*%BV zK#h!H33{d~=qB1`E|AYi=WL-=c8|V|(mY$-(CpuU!74VS3UN&WMlTq3j-_lLtJL`d zC(p+r(?4uPu*d)>O&QC^rp1>@LkwlhF4-R}=}m6i7X|{ws=JPFRjYckT_45I)h==tEhmiq_NB5oEnYBZ!(&r?`1WJ;zJV24iYlbp zB=%1Qioa+k_fT1iHc!|jz@i2fMd<_Mhvi9C<0&(Ulf9e2uUc7@@ zU{%1GT2~|;;2ZCtj1FlKchKHD!|^w7JN&OR+9KNmliMf7TbFrGfOnMre`pgb&N#+p z!_4|3+`&&BxOXdSeiGh>o5cY{!`9~3XC+Utx;rX@L-N^XpM@8r9ULBoc z14x%EC#j+x-p)e`vw>D<#zE_%5JPW9qn?f3U0^VdFNOmtKMVB^Id#V(gKqw_HqaLn&7hq!Vo>s2?tc_|uT@9f^6raM{wp&hwi|IX=5F1Sv#2*5rWH?)q22LSl>e$k@; z^!JT94(#Ww|BGOUcI((1sa~!uS%jD_SfEU`W<-NoeH%T}*C>!L?}QlXN2CA)fHDzZ0RYGWhy!;+PXWCeYluPi zS}UraK5!C4cELkd9|%6y{?iyWa-cx`1=!j4W1bnOtQeO?wn8d<5yx<=-?8X#ej{2P zKDA&ui2(N_`!&aJoAA$gnNpUuvLgO2GGI6%XCIGviX{w9*4uex*X*I9sG|FE5+4b; z4++RTk1bghEhU^WUJwrSX}iJZz+b?sXa)GF)|>I7)9y^k>eVPr-|$Vwq!9N*rQYrn zlXszfiO$vlzT*5US$FY=ZDIiYMuE-qmdlhY8bUr;otYG`5UOm;nt6f>U++S8;%1PP zQnqV*bZZibhL2$k(a!gxh4zKGOA_N}q{M2MQ6lHh&n)8^0f1QWIsRI63v=q^jbJ$e z@piJ6C41Ggfusz@7!7EoSdiQ#@<+R;>kqVKFmh>IKEgAXVRIhG1}Yeco}iaILV?P< z*w|1oKQf>ztdr(=93WgC3gsc0) z%fNb0j-U!2`^$4HP~_9E5q{k~f?q0loo~)D(jW>*%c3H-QW~q|p;?!rvA5VlB9#;% zQrx0TD@jlL)z=r+x zwi~ptc6#BluO9w=?ys03Yijw{%Hr&bZ@N5XQ)cU9`PRyrtg%!{b+fWPWu_#+ctX}- zx`32|S9nIf-`UX$l`9FImE5;(cM}CuQ;!mN#I_QhF`HRc-aO&Cwl0(taIZS2Eo=M2 z%E6UCX1uMtchcTRGDQ7N2Xe%|MduJLwcu@foN~v2+@5xy`rWFYpjt5;QB&fbJ-5;* zo0`vB3-^R2gbyG0b00Q=%=_ZNE>?!b(ZCQrBs~%u_G-^m#LLObntUR`dt5Kavd#^3 zjQ;lcpXp#R(hk})H6ln6mXefGcTmme%ab>2PBCIN6C3QkCb3-;Af$tR?OVzL6ILxp zoUnjCZ*z{s84~!aqQpfrYbTxyI--l0xwGO6kjceLhHJ}f)(}sOY z>U2L&53Fm3?Vk5K|312CZFMad_qPPEwJh7JCwnFouFFO2oK;i0^Y+9{<2Z;THhi-8 zPdIM0#6904Q}bp1f-h^^u_j8B(NbhvI(>u|&C7n1?C{x14dkVs_raK-&X8pd{obi&|HOeX@)x!m zeRBA-9)@Kzmwv^}Je6@OIzoA^qMKA+%qX!{iw4Kjh7-v+38a)ps61d^TX7Hk$7q%?9|}?JQyQMM>-(cLpJK=K{)Ch%P87q1oo;X%2IE^ z?qCzjcCIZ}D6XJM<=5A>9d0LXOKj$lc~umVX-CGf35&8PDR;<#WVv}oyv8uRj#IT) zh%pGg50TJJj2LF5wd7}?W-Z(i?gnevfxa75%c`cO_e#sTIO4=!_h71Q&lrY=sK2$Z z!#=S^Gfb<>x``uiB!(FO4O@S-HO4n*WwA~8fOql7yY@veQ}=q^*V~sfLgd~LZZXwT zsPGLezB1t@nOxaToA3Ccv-B)V3q3#ETGYJ}i}qOi)JusD%o^{Cbz;^aFZWca+B=-w zTV*rYl4SHWMQOxCCZ++V%2M1yRfw~?PI6&s`@Va(=2pPU#AZ-O1nzpIk;v0y9dy^8 z=h6zuucx?{4f3&|U~eGzn(q2EaX-w2i8lsaN83}UfI+9#fQE)pW2{oE*4ms2bjA&; zvMqe8Rw82SySiWlzJG^?CRFAjXHm7yz}DDVtS}CF-FCOn7^GUa5Fwr+XlxG8HFYCc z?fFriFEji0DtbS}n&6y*hz)7HcRka0aL(hdAT9i*O#^?N0q?qzPn8<~-IGX3}PZsjnKl9r? zpZ@jfY1*>|&*&r?R$JSokS?A9Eb3C5zg zMhPcN7eVw=RN|!;Wjspdd5XW$wWiYKp=gU#7MH(Nii;GZX*6-#q5zK8kGqjjExPXC zl~R$nTa+x@5{tS%{3C=)4sa>#-|L`LevLO4pJ zAJPZNj@Kfxq&tGW#-GupVFu%8#Ge0FDvZ-r(IOuP=bXYgL_wQ~#M|YOrK6!lPC8GL zY37t|8%+Xo5h}>)s-#R%Kwkg2gQBH%ygU$-OHOr)3RaZNym8t0zO7!iY{V+IPC+#k z^B@7c4}m)nVZD_@Yf@eiTtc|o54{T!?U1_?Gd)-?iD1s)G*4`QZDQy_3Un7T+#J=& zD7>QbuRCOaWb5D> zqKz9T{>yN&K$yWE^U)LIrj))3<|5*+digUT&=R$Yl}XNOx8UzZ4_hvQQM;@YZ zm~q7doFq}Q_@e626YN9dbZb@2lQ@eMprS_;b~5~RYgNsdL8t|);|-z3NYu4j&7xku_saOcWdB&&77 zzmY+pajidui$#q!VGOllbfrp_`oT96d&|p!Opr!k(?BhN0XMb$m?tudLGVRqo zmIGHbTUX~~w@$ujrC}(L)Khbt<|Wx5FR`b+&rPO}e185+xqJ8ip@ndYV1S+5|1Q2s zP1j3k|<>|;yu1J51= z++6=$YphxQWb+k0Z_F3TvI!Fml*0rKiS>uoO8EPfdc@Il2^a9u>K8BA4ISA3(iuv^ zPD@(Q?`i)HN7#-O`kV>o003}v$YZ(D?r;hyh+IvMH5TtheMT$2b?sFl>Z{tUC##i3ix<0$?o!IbJH)O?!G@A@CcL}P5%FYu zwI8LFsU1JE18x!k<~y$ey}IerON3S_l*5wE()g8Ps9jZOLnpnF+1%_jz;1%X4-JHS z*OIIF0<4W5Sy250Y@xN^f%_VPb%y9* zy{0@s`9qMXKIjy^+S7Z~f51NIe#D3Bo)!QK$#!2D=E7+{iAldQU1K_~!pY-$!W2Ys!R6Ma}8?}Rht zAOOHj>HpH{{)f=jV7E|;u^ixtbHE!TL`*Pz406r0VhD{U#vcK=K?F7jxcx&Y4Cv9} zv%*+c7R(11$$BStA`Cj5h*Xb3Kx+y@zst(`hB| z0x^5sgXL<|l}&=^j_4LkzKmd^&aLRhP4#@en?3D%aXSqJ=msqU+FA4`4Sw}uO-lD> zCxe)ixK75A9Ft4IAJ0L_1Sw~>ZmDq;>QH5vz%dDBT3gWkF;#TX*U>#a(*<{~IFtQ@ z06QZ8wNxcR;Jd5Ozv54gQoWfddGK7{Sx`&kl&xGQEP|d_`>hB*n4qlGrke+ zJtUp&8*Q^p41-$l>Y<7MjEbNiNb*<#PK6C3KNiI;M(KDlW_FKj2ImdPm0Rzs{BWyj zMMS*3Df?BDpE0+=5?tz$m2^hq>yf>0tHvz0>u*Ak_DMV9n^qkUZ^Jn(OFC;?QC7cv z94oXK`vy+m$4|v{b+ZWGMiTqFe zXJN#VHfX_j_2=FUd;X#tb}a>y@vB%NBB(#w?-*uZSIz%ytJ?2)7QJr%goedztMEBy z7XGvKO5ye#zLe&xH5bU^1#n~iyze#(zmv(BGIQ-EDV8OSZ~x-vMynFlCbGh#6PU0Q z&tZVt8jBKa^>j8)t_Tuaad>6bKG!t_%AK=RH-r45+aU0pYi~rAIlcb6l9qd$O>(_< z;vB~MJ4K>KCA1L$qc;4K$Bz51Xxw8Sjxabr$H3(%*1jPx{}<}3jGV2|Bk>j;b~q<$ z-Y7XoZ2)QkhRg;V2}9MtjoKEATcd>F{oWwZEuYw)HuB(yb+b zFD!0@E@IW(NMSq&X^|v^tXupl+gx>>epCKZMrc_wW+@{FNa@|se}Z%aP2%cbpD#bj0hNTq8LEa zAVolVSS{3o0eHt6B@8}U^0=s=7+RB_!5?q7t-h^JI*eOuxZzDo=J!RCT%F*{L(Gnp z)w;?Sl*lPIUmpWax!1WD$BjPl30;1?MzO(d}nGtJ5 zzfcg_#%j@KFVsgY-GRF}k|`7*7d3-L$!1T@hr}qUFsp@YQ*qjvp9YmK=T}>$k{q~M z{sgf!N91a6Wa+FKWMMWoq3(BewCDPtSeXF(2H|=G@XuG@$|7wVICG0`X$&1Z7EOa=uY^#1KC+589|KE6yP>`*z{z(_{LeAQo&aAgQ~$sDXTZ zsuDQhc{>(YTgh96d8eKO+v1pWn_cq_*np~(NxO%B!{5|D2?<6z9~R$ns{FJhsLT5djj=Ptfay-s&we#OU+7TrTq$l|H%4$@h&Q;k8PA-ABAk$KJRBFsF?6 zsS*N$OHT9oWL56tae#*hz1l-p9ZW40W&~9{u#iJ7v}#9QOLhK zPB!BOxfr)aAp6EA!x8BT{xG0ZEU^7R7N^-rbAEDU=2jNMAJ`KjpkLj_N<8Q2LxFXp z_{$t{Qh+x9)0A3}8MdGBKcJic`Cwnaksu&w3h0v#eYzWzjg-Ka~vyJ(A%qg+>@&_ zP6hY#Qr_@&^F?P)jhCQ4;3?V3qjP5ev%%o^nk~wA z|GXv(9?6aTSFVfC^8@&;%fj$TE3dY?puXsL^~F_v?dJTk4p-;9wC<>7VJ=#A2j#nX z7*FT+o2B?rTp)A%KTpwDL<(ifNG1cp0IXqD zFE#UAiVR*aufxL`S<4(Z7=~V8we*55>d131|0^xYa&m4WzW!9{j zED2MhW~f-1d+Gn{ts+v)#?V`>2WvU4zC5qxUZqi$(5j}qqGFeAoF%(fa@Q@9VT*9t z#Xazs7sL9}L@i?((mxfP(Beh%3`-cTg;vSV-mb&8SZw4el0E$Fj&!|wQY8tkOz6&X zTLtb0e>HyMK*G*+1&g)bqm643D>2BLJtxT+27tN4_Y{%)$ZeFVI#ezKLq9Y#{6hik*H?RI@)6n{t!SsK4^`#U4VrCSDXng= zk+8Jz(8V)v`f1Fo`MJdH{jbZ$V|#yM{1`@`dWP0^VIufj~(a%QdWa=dbD<@!WaUd`p_h%Dx64r~Te#WlX|NApg{g*YuKD;Rr~AIUET!z~>M*HN@4oTgo0WM68h+(_j*{t+ze`8=TTv>5RAhDg zVO6KcmJuRAGN$Ucx)&M6eS^~N(+enHtA-tQkfy@T-Ga`(c}XDK+^N&eFske-v%Rp9 z{>IjY9AWhC$MOW2T`P%o7Pb-f80-Yrn?lBMawga1zmYy7eoR2e$uP6LqHg%b!*5Ge|*Ua#Me{w%3!zvWvy(D)GknQ0e}OCa|`^d7wd|Ucu`rG&M1$A-Q04 z9ubW+`MNEQabAMgNWLkkmGtz1u%y8GcqnLC?fe;Y-ml>Xt@rPBZ-)m(e;|~Av!0w? zFS6IuH5_4bDlaMAx8vyMLVM2=JfF8>uYlME>istZOcn!HnwPyVd!)LfUC4e$NP$)< z_Nq=!w%X@=(MU0T8*{VvRYz zVc*8YI3HKOLNZrqht>XHCfGi{s)HNlrHc%s)kU*5P5CTlc6tJu6D)QZGdSr6otcCr zPlgEaQ|1ViT9^&z5?_;fS2JFiYfd|L4LoH)^L_DZ!ir^)vUzgL0S6)0m(N3zf zxr4nBdnj_8E#IHV;*-Qm=a|1PbIWi$-b_M!&2)zsx^2 z`*YQbR2!f1_`7Rj5G@M06(OfSI`?9mv}Trjqu-Lvr9;JK7N@;|k)eLnVoJtbR^kJ+Y2^_oi;345t1)w7i(!R^QEXsu_hs>D<6-= zggm8iYy?!t>+zRNC?vAD<7{Go-t9_E1YG~zkzNnwe-phMtLEyhj#iVq#C-{7SLbe- zpz6osRivg{xN3<4Q&k(X(WHxJv~;DuW(MDycz%31i!}?2R?o-6ft?~stbnorX1Tf; zY5K0`oJ1s1VjL27@{+gXZ|8}=n-4wNmL#;}@_^&fHh2OH1EXHg^(pbI?d}><>M*GD zp4N1JVthyD4uWa)GT~}+(#^Q*j*4+@+F-s|?NG z44fM`)ExQskH4S5H;Algw)EuL&CUHG zh@?wz`gYQa3QcQ@HeqynCsxtj8Ih&5y4CMaVu!HkCAD-_LXz;kt&LG&Bb}QDjCgw_0dqgNWtzXX&FuktgjWA6^WKy|_uFhZspW0L6SUdN zkql04ss%=C>bjfvHj%MQpC~3dvl3~)w6;ZMfo%z`bW-}GXahZT+EZv`5EItcDUHYV)vHpflx61GITUTxmqn~OKA-*o)^+ja zMmt+^RZn?&599T`_pvo%t4If?&z}Ozi9Nf8AGv6J0?mVKpSs}KasEs9)6hY?Dt{Uy z;EFC%$B8VKZszPnm?LOeNXHVGGh21#m#@^XV#(5Ys2z@ceRM?6vCPKlnzs*e(BAxV z+WWPCNeM?JRL7q}*L>o@{JBSGed%b1_nP#X!9u%X=-7xp0%2|sm0wt82(8$ix+h$Q zJvyZ(X!rfLw65i=E+3e}jcYHTXadH3!l1#!uzLHvzK6<6$ACeb`4qbDyWVhU$jHd= zuJ1XPMD1w%v~4Vjbu?^EHg0-)LPCR!f>}J6jf90S(#AC&i+gGOdTUQ}v(*IS-iu(i zeU0w@#r~)Z&!jEBAAfoI=mQ!gTKmKa@*-1xi+=PlgN%97P|cT2LkQ09CJ_hn>MM`# zr`+qr3)GN*Z#LL!@&tQQkH;V#Fu>_za%x#-ZXYsr(_o>4b>e36>eck0Q>$8+k;NBl zdMRthVXxn#Ofks6bj^SCnJ$Ag?y0w3)~Jva95hQ-y$T+U5@@JDm|$5CSwyiBmP#KE zg*L~RZ)X`T)~V+n-n5Md^ zdiRSs{hN}v-ITY%8zs@ETGBkG=+tXbA*}{GG#GA}xaJ%qdv!-f%wUnbb1;!$iR^TnM-1%kYIv^?9AMeGh6u4A+BLWm|`#k_eadw zV1c`RnKN}EB_PZZqAb`Upg3})m`el+H`tJ1HDh&Aog{|%;x&|(su9lOnEZtb(v(vV z_R@QSdeV#trn17jx9V=Ts!rI|;6%nhD@pz=)#yY{`~rZeKqZ-@7~p22U)(gYCAACcTqYOaQl>~V>g5QZpl(blI810+gy5Mha zCG#vqPi#;#kNl( zzsLc51M{P~j)`Q_Ey+Wmzc8Xg@X%z7YS3P6s@f`>g>{7z{OMgmShFi> z5Y=a|w#77j+CPmbP_2$my~MPgcwB`H0dZ*k9q&Y1e z2|xAhCz}((2%FmG82Oi5>N=PFyLo_Sw9jE9p(rg@gpF5Um=;?<+^$|pCv$b$sluMv z_!5)oIF-nNZmb?Gr;1ezSN14~yqu1I$(2*vuweBvGz4RhdY<#`=xk7j5(!c$b-Vef`o`oA#X00xiig*;>hcUIBXvb z;*7g%2>!ty z1vl)cZCg!6N?&Odd^!093YX&M-?u~TbWixW!wWVKu`{!@$Ue>NLViY*REO1+IK$!V zU*{UzZcTG`%n7I>@w#wi=ESgo?jHi52gQhcKPjC0Xo#KbtqCt3AXoU;$1}7?qF`8G z;el4}H&eeB(_{1=xHXAnG;FL$;>`#P3+KU}My*+m;lkGw>2f*Uq>sASj<0tsXA zo}On63#Y#4FlOMeEat(BcYsb7nq?kVw8aJ1ix|2Vt7OrP6St`nFkTU^fx_BoZH2S= zeunDz4bl_PPWlfa=Z+E>;7m`<@op%1{@Sj|@MuR4jjr={8fq)3!mu7cb35Z4%kWn! zbGB;+`}sI$EFwZ-mp(Ccr50-tYUppwhK+fkYvE#~vj;cO{NcZ=&HAPyIETLMF6FP; z**Q45r6k_BsQpm$2&_jdcHmZDeQHG5=nzbiY0DEzfD_mc|D{xb2nvm0=>b}@^-!#e zA_}mwMz@V_IM{h)i&)Eg&xC6sNmH_4!X9%IQ&drLl#$!QT7k8;j7eOGaLuiL+p}6s zIiEz4{5w-uxR5mFoTBPP1{O0;N{2o2I?C(REg5N|aI*yq{r<#?9j*whrf|{b#>APk zR?J)2n?UwwWloGEzD+p`Bb$CAIls(O-1cI#0~v72jCqsI3;E-(pg4YdtUhs7w*ax` z#yY-PMeSF}o2V#cDg(15EnG?~#Y8%2X71eV+C`33jNrHm%RNH!TkB?zWR0dF8S?Or zy;ZA+vJ_s1XzuK|-9?Wu^4w;-jlzMYvu#=*5}or^^(Z)%sblbM*jon}1|ao_1~xtZ z22D8d7%oE}WihPw!o^G&v|V#*rXifs*9jQRsONS}KB<%n_+IDg`l@vBk(1WWqC9EV z!aTpu$)MLC$UXggKK8)*RSLDkZ<^SWJ;6*<-R@{G>?L$Cne6N0Fo2>P+t>x`0-rB$H;!lS0opOEV;h$ z{rSK%+VWnXF?cHBgLJz$|#aJAAQk=Sx5gM%^MShM*&kFgBVIrYI^ zo|#j74E;0y?(Qn{05CSTt$y&zE?rusG6K%X16!ev3{Crrr``=kIIyUvzt!2-JwEC; zhnD_^rqmjah!Vg$r;Tu4==8@Mryp2Cmov5_tJ}A4pKB%gMp-=^`_Ex@BKLAe)R7CM zAkePg9G95{N9^6Srq5#i*I6G_pSo4|kv*Qk%#c9*YMPI95{IQ{_Ii$cBU?}Ja4f5tWLhtysV!wrl;&q&wFMieRj84p=IGob7RR?R)nYw|-|};EwIsu`5qJ z1nVV3#N~YOsYOSsr#gL97OSFaM^s-&7`o4ijfA_)d=Xy{)It!zioYUwR9~b5lhGim z!P*s=v9!OsM-5Z$Vgu*|>^}w#>c%qJm=-IlG7uwo6^=&e*T@LrX(~Ij*Kfto(7=D> zM7JPi$5)TVj6`ERJgWCMuf=u~Yr1V{7;gVQ1SR3pr!D5@`le*>k9(DEg?np_m#p5N z>>KyDf$HPL#Kc~Yz(zv*q3y#FXZ*5@ozC?JU|4LvuT%Ea^IX{#kI3$0WyQN-Aw6pE zgGYwv=b>2N*vz(#x>QH9resernC~7;4KS2XPFvT=?Ni6&*ecBT{R4llnq@+$wa;^@ z%*9hJ*sap*Ep7~5x$$15&7s{@!XI7yaHr7P8mWLGMOk%fw(*h&6g?_cbbam3*US^- zKgN?9->udJe0b%*?|!4g*-OmSD$8r=@e8P$v&~s%<-#49$7*tNLQrh-_h9Q4N2ZCz znoT0i_iLobOG>*3y@L1fFrN1jH~ugqlI z<}F`77OeIQG)~&>PJ5fY-tVweq`jNHkBz$=mTb!+&mQf6IP@Om%j!uI$x9dD8i2hv zw=)z<&~VHIcI%tlRhut+`|#VI9^ll2Qv#jQNg_J<|BUahsIU~-`CnCZmtP&akSN+* z3g_+Avq-RP%!@*5tdrr47_67t(fqpGLCVW}g6rGn(lOr;JLtOlUfLTcr;)TM5%Kf| zw=NB93F~mnKEAloQv!zc?Z(OCtFy4~CN$AkL1(uT4NpfkaNh${nJk0KKYrcpYXGKF zKfkhCp#JPCe9A+=D|muju5PQ-=?17CE>H7nWSDEy^foPH3^D;WQ&K(RPf<3dmHL<&0$8 z$^rNy5_2R~g@L!mrfwO&%F2R*11GaY49U;eNNKb!I@{FufUTU8~kD^O^$OsB8{~RDV`fvJmQeX zXGF5>h!kDSdKjozo)7EGg72}@*Dz!Xq=#<+93HJ|9m}47>O3st}3@3s?x;A0Z(f8R{#QpH52~8nOphyo;7v zXjOex^deQmg2EX~?6t2yTziMbMY`VqGl}(ZY0X}i0%;1MTRSItYYg)$wo3yy z0gAD)!BVRTB*I%hhzu#z|6q~A^=tqP1i?Op$NV55>fIGHvk894>EZFFj){o}s-@<} zCS<_F$d^h8DB&=tv)~^3w%HUbGHfZM3rj=iEgI)t%x!fbG@rKD-e1l>_T)N%n!gNF z63PLx0)-rTe9_advYVh}`8M*}6dB6{hW#i;x5tKgF0%GF`hSMae+CMz!T;Zz`QM$I f|I-q5z!&(F#SXXuoQBO$?Enc8S>YPNKLP&_24g)z diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 05aa518a5f..6c82e08937 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1416,6 +1416,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware [VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)

      Updated the XSD and Plug-in profile example for VPNv2 CSP.

      [AssignedAccess CSP](assignedaccess-csp.md)

      Added the following nodes in Windows 10, version 1803:

      +
        +
      • Status
        • +
      • ShellLauncher
        • +
      • StatusConfiguration
        • +
      +

      Updated the AssigneAccessConfiguration schema.

      +
      @@ -1435,7 +1445,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
      [Policy CSP](policy-configuration-service-provider.md)

      Added the following new policies for Windows 10, next major update:

      +

      Added the following new policies for Windows 10, version 1803:

      • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration
      • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold
        • @@ -1548,11 +1558,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
      [BitLocker CSP](bitlocker-csp.md)

      Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.

      +

      Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

      [DMClient CSP](dmclient-csp.md)

      Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:

      +

      Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

      • AADSendDeviceToken
      • BlockInStatusPage
        • @@ -1564,7 +1574,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
      [RemoteWipe CSP](remotewipe-csp.md)

      Added the following nodes in Windows 10, next major update:

      +

      Added the following nodes in Windows 10, version 1803:

      • AutomaticRedeployment
      • doAutomaticRedeployment
        • @@ -1574,11 +1584,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
      [Defender CSP](defender-csp.md)

      Added new node (OfflineScan) in Windows 10, next major update.

      +

      Added new node (OfflineScan) in Windows 10, version 1803.

      [UEFI CSP](uefi-csp.md)

      Added a new CSP in Windows 10, next major update.

      +

      Added a new CSP in Windows 10, version 1803.
      From df65cd750baab0c07cf301f4b44ed63b89a7a823 Mon Sep 17 00:00:00 2001 From: Dallin Hitchcock Date: Thu, 22 Feb 2018 18:26:59 -0700 Subject: [PATCH 16/17] Typo in Bootstrap.ini code Missing left bracket in Settings --- .../deploy-windows-mdt/create-a-windows-10-reference-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index 53297d9119..40c3fdf557 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -442,7 +442,7 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which 3. Click **Edit Bootstrap.ini** and modify using the following information: ``` syntax - Settings] + [Settings] Priority=Default [Default] DeployRoot=\\MDT01\MDTBuildLab$ From 5962c25a85417b59765e6e08fca345ec104d30ff Mon Sep 17 00:00:00 2001 From: modcaster Date: Fri, 23 Feb 2018 10:32:44 -0500 Subject: [PATCH 17/17] Updates for 20180223 --- devices/surface/change-history-for-surface.md | 1 + devices/surface/surface-dock-updater.md | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index a12b0c33f7..a374627e4d 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the Surface documentation library. |New or changed topic | Description | | --- | --- | +|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.12.136.0 information | |[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information | ## January 2018 diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md index eff1dae917..55d7b233dc 100644 --- a/devices/surface/surface-dock-updater.md +++ b/devices/surface/surface-dock-updater.md @@ -9,7 +9,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 11/03/2017 +ms.date: 02/23/2018 ms.author: jdecker --- @@ -116,6 +116,22 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app >[!Note] >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater. +### Version 2.12.136.0 +*Release Date: 29 January 2018* + +This version of Surface Dock Updater adds support for the following: +* Update for Surface Dock Main Chipset Firmware +* Update for Surface Dock DisplayPort Firmware +* Improved display stability for external displays when used with Surface Book or Surface Book 2 + +Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following: +* Update for Surface Book Base Firmware +* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices + +>[!Note] +>Before the Surface Dock firmware update applied by Surface Dock Updater v2.12.136.0 will take effect on a Surface Book device, a firmware update for the Surface Book Base is required. If you install Surface Dock Updater v2.12.136.0 on a Surface Book and update an attached Surface Dock from that same device, the firmware of the Surface Book Base will automatically be updated when installing the Surface Dock Updater. However, if you update a Surface Dock using Surface Dock Updater v2.12.136.0 on different device, and then connect that Surface Dock to a Surface Book where Surface Dock Updater v2.12.136.0 has not been installed, the benefits of the updated Surface Dock will not be enabled. To enable the benefits of the updated Surface Dock on a Surface Book device, Surface Book Base firmware must also be updated by installing Surface Dock Updater v2.12.136.0 on the Surface Book device. Surface Book Base firmware update is not required on a Surface Book 2 device. + + ### Version 2.9.136.0 *Release date: November 3, 2017*