From 480a37534da5a8cb5a515694773adfca2e816540 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:35:24 -0700 Subject: [PATCH 1/3] add comdatapipeline --- .../update/update-compliance-configuration-manual.md | 5 ++++- .../update/update-compliance-configuration-mem.md | 7 +++++++ .../update/update-compliance-configuration-script.md | 6 +++++- .../update/update-compliance-v2-configuration-manual.md | 2 ++ .../update/update-compliance-v2-configuration-mem.md | 7 +++++++ .../update/update-compliance-v2-configuration-script.md | 6 +++++- 6 files changed, 30 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 4a022f2559..308c20b85b 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -49,7 +49,8 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | | **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | - +| **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | + ### Group policies All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. @@ -61,6 +62,8 @@ All Group policies that need to be configured for Update Compliance are under ** |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | |**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | + ## Required endpoints diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 57acb3647b..a6ed493a4e 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -68,6 +68,13 @@ Take the following steps to create a configuration profile that will set require - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **Data type**: Integer - **Value**: 16 + 6. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: + - **Name**: Allow commercial data pipeline + - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` + - **Data type**: Integer + - **Value**: 1 + 7. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 8. Review and select **Create**. diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index fe5ee1aabc..f4c88e5d7e 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 04/27/2022 +ms.date: 06/16/2022 --- # Configuring devices through the Update Compliance Configuration Script @@ -94,6 +94,10 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| +| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline | +| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path | +| 97 | Failed to update value for EnableAllowCommercialDataPipeline | +| 98 | Unexpected exception in EnableAllowCommercialDataPipeline | | 99 | Device is not Windows 10.| diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 685add0ca0..97e1c41738 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -48,6 +48,7 @@ Each MDM Policy links to its documentation in the configuration service provider |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and won't be visible in Update Compliance, showing `#` instead. | | **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ### Group policies @@ -60,6 +61,7 @@ All Group policies that need to be configured for Update Compliance are under ** |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Update Compliance, showing `#` instead. | |**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ## Required endpoints diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 2deb4f74aa..179efe7fc2 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -67,6 +67,13 @@ Take the following steps to create a configuration profile that will set require - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **Data type**: Integer - **Value**: 16 + 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: + - **Name**: Allow commercial data pipeline + - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` + - **Data type**: Integer + - **Value**: 1 + 1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review and select **Create**. diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 8c879261e7..29106e4245 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 06/16/2022 --- # Configuring devices through the Update Compliance (preview) Configuration Script @@ -127,6 +127,10 @@ In some cases, you may need to manually verify the device configuration has the | 92 | Failed to create property for EnableAllowUCProcessing at registry path| | 93 | Failed to update value for EnableAllowUCProcessing| | 94 | Unexpected exception in EnableAllowUCProcessing| +| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline | +| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path | +| 97 | Failed to update value for EnableAllowCommercialDataPipeline | +| 98 | Unexpected exception in EnableAllowCommercialDataPipeline | | 99 | Device isn't Windows 10.| ## Next steps From d4e6329330746a492e4ab00fe126ecce44ebc985 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:46:53 -0700 Subject: [PATCH 2/3] add comdatapipeline --- .../update/update-compliance-configuration-manual.md | 5 +---- .../deployment/update/update-compliance-configuration-mem.md | 5 +---- .../update/update-compliance-configuration-script.md | 2 -- windows/deployment/update/update-compliance-get-started.md | 5 ----- .../update/update-compliance-v2-configuration-manual.md | 3 +-- .../update/update-compliance-v2-configuration-mem.md | 4 ++-- .../update/update-compliance-v2-configuration-script.md | 3 +-- 7 files changed, 6 insertions(+), 21 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 308c20b85b..3f1840da1b 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -18,9 +18,6 @@ ms.topic: article - Windows 10 - Windows 11 -> [!NOTE] -> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. - There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. The requirements are separated into different categories: @@ -53,7 +50,7 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e ### Group policies -All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. +All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Policies>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. | Policy | Value | Function | |---------------------------|-|-----------------------------------------------------------| diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index a6ed493a4e..edf0dc2abd 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -15,12 +15,9 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 - Windows 11 -> [!NOTE] -> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables. - This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within MEM itself. Configuring devices for Update Compliance in MEM breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index f4c88e5d7e..bb275f2935 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -19,8 +19,6 @@ ms.date: 06/16/2022 - Windows 10 - Windows 11 -> [!NOTE] -> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 39a89bda85..2497f639dc 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -20,11 +20,6 @@ ms.date: 05/03/2022 - Windows 10 - Windows 11 -> [!IMPORTANT] -> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. -> -> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. - This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. 1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance. diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md index 97e1c41738..708fcce0bf 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md @@ -17,8 +17,7 @@ ms.date: 06/06/2022 ***(Applies to: Windows 11 & Windows 10)*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more information, see the Mobile Device Management policies and Group policies tables. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. There are a number of requirements to consider when manually configuring devices for Update Compliance. These requirements can potentially change with newer versions of Windows client. The [Update Compliance configuration script](update-compliance-v2-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 179efe7fc2..3f5e826aa3 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -17,8 +17,8 @@ ms.date: 06/06/2022 ***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Endpoint Manager](/mem/endpoint-manager-overview))*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more information, see the Mobile Device Management policies and Group policies tables. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. + This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps: diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md index 29106e4245..aafe9ff807 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md +++ b/windows/deployment/update/update-compliance-v2-configuration-script.md @@ -17,8 +17,7 @@ ms.date: 06/16/2022 ***(Applies to: Windows 11 & Windows 10)*** > [!Important] -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -> - A new policy is required to use Update Compliance: `AllowUpdateComplianceProcessing`. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. +> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-v2-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. From 2e910a9042c91c8359ed8d00df3a4d5cd92cb05d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 16 Jun 2022 14:52:21 -0700 Subject: [PATCH 3/3] add comdatapipeline --- .../deployment/update/update-compliance-configuration-mem.md | 2 +- .../deployment/update/update-compliance-v2-configuration-mem.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index edf0dc2abd..1661658fdb 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -67,7 +67,7 @@ Take the following steps to create a configuration profile that will set require - **Value**: 16 6. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: - **Name**: Allow commercial data pipeline - - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` - **Data type**: Integer - **Value**: 1 diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md index 3f5e826aa3..1a6b98c90c 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md @@ -69,7 +69,7 @@ Take the following steps to create a configuration profile that will set require - **Value**: 16 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: - **Name**: Allow commercial data pipeline - - **Description**: onfigures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. + - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` - **Data type**: Integer - **Value**: 1