deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into amrutk-working

Browse Source
This commit is contained in:
Thomas Raya
2020-02-24 15:57:36 -06:00
committed by GitHub
parent 9b7051eea8 3115c10faf
commit f362c2c039
90 changed files with 1040 additions and 1072 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/client-management/advanced-troubleshooting-802-authentication.md
View File

@ -59,7 +59,7 @@ First, validate the type of EAP method being used:
![eap authentication type comparison](images/comparisontable.png)
If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu:
If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Right click on the policy and select **Properties**. In the pop-up window, go to the **Constraints** tab and select the **Authentication Methods** section.
![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png)
@ -118,4 +118,3 @@ Even if audit policy appears to be fully enabled, it sometimes helps to disable
[Troubleshooting Windows Vista 802.11 Wireless Connections](https://technet.microsoft.com/library/cc766215%28v=ws.10%29.aspx)<br>
[Troubleshooting Windows Vista Secure 802.3 Wired Connections](https://technet.microsoft.com/library/cc749352%28v=ws.10%29.aspx)

217
windows/client-management/mdm/bitlocker-csp.md
View File

@ -31,12 +31,15 @@ The following diagram shows the BitLocker configuration service provider in tree
![BitLocker csp](images/provisioning-csp-bitlocker.png)
<a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
<!--Policy-->
<a href="" id="requirestoragecardencryption"></a>**RequireStorageCardEncryption**
<!--Description-->
Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -57,12 +60,13 @@ Allows the administrator to require storage card encryption on the device. This
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
<!--SupportedValues-->
- 0 (default) Storage cards do not need to be encrypted.
- 1 Require storage cards to be encrypted.
<!--/SupportedValues-->
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
If you want to disable this policy use the following SyncML:
@ -87,11 +91,13 @@ If you want to disable this policy use the following SyncML:
```
Data type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="requiredeviceencryption"></a>**RequireDeviceEncryption**
<!--Description-->
Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -112,7 +118,7 @@ Allows the administrator to require encryption to be turned on by using BitLocke
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Data type is integer. Sample value for this node to enable this policy: 1.
Supported operations are Add, Get, Replace, and Delete.
@ -126,12 +132,12 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
- It must not be a system partition.
- It must not be backed by virtual storage.
- It must not have a reference in the BCD store.
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
- 1 Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
<!--/SupportedValues-->
If you want to disable this policy, use the following SyncML:
```xml
@ -152,10 +158,13 @@ If you want to disable this policy, use the following SyncML:
</SyncBody>
</SyncML>
```
<!--/Policy-->
<!--Policy-->
<a href="" id="encryptionmethodbydrivetype"></a>**EncryptionMethodByDriveType**
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)&quot;.
<!--Description-->
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)&quot;.
<!--/Description-->
<!--SupportedValues-->
<table>
<tr>
<th>Home</th>
@ -176,6 +185,8 @@ Allows you to set the default encryption method for each of the different drive
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)</em></li>
@ -183,6 +194,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -202,14 +214,14 @@ If you disable or do not configure this policy setting, BitLocker will use the d
EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives
EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
- 3 = AES-CBC 128
- 4 = AES-CBC 256
- 6 = XTS-AES 128
- 7 = XTS-AES 256
<!--/SupportedValues-->
> [!NOTE]
> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.
@ -231,9 +243,13 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="systemdrivesrequirestartupauthentication"></a>**SystemDrivesRequireStartupAuthentication**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Require additional authentication at startup&quot;.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -254,6 +270,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Require add
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Require additional authentication at startup</em></li>
@ -261,6 +279,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -297,7 +316,7 @@ Data id:
<li>ConfigureTPMPINKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key and PIN.</li>
<li>ConfigureTPMUsageDropDown_Name = (for computer with TPM) Configure TPM startup.</li>
</ul>
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
<ul>
<li>true = Explicitly allow</li>
@ -310,7 +329,7 @@ The possible values for &#39;yy&#39; are:
<li>1 = Required</li>
<li>0 = Disallowed</li>
</ul>
<!--/SupportedValues-->
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
```xml
@ -328,9 +347,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa
</Replace>
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="systemdrivesminimumpinlength"></a>**SystemDrivesMinimumPINLength**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Configure minimum PIN length for startup&quot;.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -351,6 +374,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Configure m
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name:<em>Configure minimum PIN length for startup</em></li>
@ -358,6 +383,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -397,9 +423,14 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<a href="" id="systemdrivesrecoverymessage"></a>**SystemDrivesRecoveryMessage**
This setting is a direct mapping to the Bitlocker Group Policy &quot;Configure pre-boot recovery message and URL&quot; (PrebootRecoveryInfo_Name).
<!--/Policy-->
<!--Policy-->
<a href="" id="systemdrivesrecoverymessage"></a>**SystemDrivesRecoveryMessage**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Configure pre-boot recovery message and URL&quot;
(PrebootRecoveryInfo_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -420,6 +451,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Configure p
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Configure pre-boot recovery message and URL</em></li>
@ -427,6 +460,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -445,6 +479,7 @@ Sample value for this node to enable this policy is:
```xml
<enabled/><data id="PrebootRecoveryInfoDropDown_Name" value="xx"/><data id="RecoveryMessage_Input" value="yy"/><data id="RecoveryUrl_Input" value="zz"/>
```
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
- 0 = Empty
@ -453,7 +488,7 @@ The possible values for &#39;xx&#39; are:
- 3 = Custom recovery URL is set.
- 'yy' = string of max length 900.
- 'zz' = string of max length 500.
<!--/SupportedValues-->
> [!NOTE]
> When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
@ -478,9 +513,13 @@ Disabling the policy will let the system choose the default behaviors. If you w
> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="systemdrivesrecoveryoptions"></a>**SystemDrivesRecoveryOptions**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose how BitLocker-protected operating system drives can be recovered&quot; (OSRecoveryUsage_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -501,6 +540,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose how
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Choose how BitLocker-protected operating system drives can be recovered</em></li>
@ -508,6 +549,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Operating System Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -536,7 +578,7 @@ Sample value for this node to enable this policy is:
```xml
<enabled/><data id="OSAllowDRA_Name" value="xx"/><data id="OSRecoveryPasswordUsageDropDown_Name" value="yy"/><data id="OSRecoveryKeyUsageDropDown_Name" value="yy"/><data id="OSHideRecoveryPage_Name" value="xx"/><data id="OSActiveDirectoryBackup_Name" value="xx"/><data id="OSActiveDirectoryBackupDropDown_Name" value="zz"/><data id="OSRequireActiveDirectoryBackup_Name" value="xx"/>
```
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
- true = Explicitly allow
- false = Policy not set
@ -549,7 +591,7 @@ The possible values for &#39;yy&#39; are:
The possible values for &#39;zz&#39; are:
- 2 = Store recovery passwords only
- 1 = Store recovery passwords and key packages
<!--/SupportedValues-->
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
```xml
@ -568,9 +610,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="fixeddrivesrecoveryoptions"></a>**FixedDrivesRecoveryOptions**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose how BitLocker-protected fixed drives can be recovered&quot; ().
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -591,6 +637,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose how
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Choose how BitLocker-protected fixed drives can be recovered</em></li>
@ -598,6 +646,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Fixed Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -627,7 +676,7 @@ Sample value for this node to enable this policy is:
```xml
<enabled/><data id="FDVAllowDRA_Name" value="xx"/><data id="FDVRecoveryPasswordUsageDropDown_Name" value="yy"/><data id="FDVRecoveryKeyUsageDropDown_Name" value="yy"/><data id="FDVHideRecoveryPage_Name" value="xx"/><data id="FDVActiveDirectoryBackup_Name" value="xx"/><data id="FDVActiveDirectoryBackupDropDown_Name" value="zz"/><data id="FDVRequireActiveDirectoryBackup_Name" value="xx"/>
```
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
<ul>
<li>true = Explicitly allow</li>
@ -647,7 +696,7 @@ The possible values for &#39;zz&#39; are:
<li>2 = Store recovery passwords only</li>
<li>1 = Store recovery passwords and key packages</li>
</ul>
<!--/SupportedValues-->
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
```xml
@ -666,9 +715,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="fixeddrivesrequireencryption"></a>**FixedDrivesRequireEncryption**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Deny write access to fixed drives not protected by BitLocker&quot; (FDVDenyWriteAccess_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -689,6 +742,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Deny write
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Deny write access to fixed drives not protected by BitLocker</em></li>
@ -696,6 +751,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Fixed Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -728,9 +784,13 @@ If you disable or do not configure this setting, all fixed data drives on the co
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="removabledrivesrequireencryption"></a>**RemovableDrivesRequireEncryption**
<!--Description-->
This setting is a direct mapping to the Bitlocker Group Policy &quot;Deny write access to removable drives not protected by BitLocker&quot; (RDVDenyWriteAccess_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -751,6 +811,8 @@ This setting is a direct mapping to the Bitlocker Group Policy &quot;Deny write
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
<ul>
<li>GP English name: <em>Deny write access to removable drives not protected by BitLocker</em></li>
@ -758,6 +820,7 @@ ADMX Info:
<li>GP path: <em>Windows Components/Bitlocker Drive Encryption/Removeable Drives</em></li>
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul>
<!--/ADMXMapped-->
> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
@ -777,13 +840,13 @@ Sample value for this node to enable this policy is:
```xml
<enabled/><data id="RDVCrossOrg" value="xx"/>
```
<!--SupportedValues-->
The possible values for &#39;xx&#39; are:
<ul>
<li>true = Explicitly allow</li>
<li>false = Policy not set</li>
</ul>
<!--/SupportedValues-->
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
```xml
@ -800,17 +863,18 @@ Disabling the policy will let the system choose the default behaviors. If you wa
</Item>
</Replace>
```
<!--/Policy-->
<!--Policy-->
<a href="" id="allowwarningforotherdiskencryption"></a>**AllowWarningForOtherDiskEncryption**
<!--Description-->
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.
<!--/Description-->
> [!IMPORTANT]
> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview).
> [!Warning]
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -831,12 +895,13 @@ Allows the admin to disable the warning prompt for other disk encryption on the
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
- 1 (default) Warning prompt allowed.
<!--/SupportedValues-->
```xml
<Replace>
<CmdID>110</CmdID>
@ -846,7 +911,6 @@ The following list shows the supported values:
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>
@ -861,22 +925,24 @@ The following list shows the supported values:
>3. The user's personal OneDrive (MDM/MAM only).
>
>Encryption will wait until one of these three locations backs up successfully.
<a href="" id="allowstandarduserencryption"></a>**AllowStandardUserEncryption**
<!--/Policy-->
<!--Policy-->
<a href="" id="allowstandarduserencryption"></a>**AllowStandardUserEncryption**
<!--Description-->
Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
<!--/Description-->
> [!NOTE]
> This policy is only supported in Azure AD accounts.
"AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced.
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
<!--SupportedValues-->
The expected values for this policy are:
- 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
- 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive.
<!--/SupportedValues-->
If you want to disable this policy use the following SyncML:
```xml
@ -893,9 +959,18 @@ If you want to disable this policy use the following SyncML:
</Item>
</Replace>
```
<!--/Policy-->
<!--Policy-->
<a href="" id="configurerecoverypasswordrotation"></a>**ConfigureRecoveryPasswordRotation**
<!--Description-->
This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -916,15 +991,28 @@ This setting initiates a client-driven recovery password refresh after an OS dri
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Value type is int. Supported operations are Add, Delete, Get, and Replace.
<!--SupportedValues-->
Supported values are:
- 0 Refresh off (default)
- 1 Refresh on for Azure AD-joined devices
- 2 Refresh on for both Azure AD-joined and hybrid-joined devices
<!--/SupportedValues-->
<!--/Policy-->
<!--Policy-->
<a href="" id="rotaterecoverypasswords"></a>**RotateRecoveryPasswords**
<!--Description-->
This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
<!--/Description-->
The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
@ -937,6 +1025,7 @@ Recovery password refresh will only occur for devices that are joined to Azure A
Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -957,14 +1046,21 @@ Each server-side recovery key rotation is represented by a request ID. The serve
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
<a href="" id="status"></a>**Status**
Interior node. Supported operation is Get.
<a href="" id="status-deviceencryptionstatus"></a>**Status/DeviceEncryptionStatus**
This node reports compliance state of device encryption on the system.
<!--/Policy-->
<!--Policy-->
<a href="" id="status-deviceencryptionstatus"></a>**Status/DeviceEncryptionStatus**
<!--Description-->
This node reports compliance state of device encryption on the system.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -985,15 +1081,25 @@ This node reports compliance state of device encryption on the system.
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--SupportedValues-->
Supported values:
- 0 - Indicates that the device is compliant.
- Any other value represents a non-compliant device.
<!--/SupportedValues-->
Value type is int. Supported operation is Get.
<!--/Policy-->
<!--Policy-->
<a href="" id="status-rotaterecoverypasswordsstatus"></a>**Status/RotateRecoveryPasswordsStatus**
<!--Description-->
This node reports the status of RotateRecoveryPasswords request.
<!--/Description-->
Status code can be one of the following:
@ -1001,6 +1107,7 @@ Status code can be one of the following:
- 1 - Pending
- 0 - Pass
- Any other code - Failure HRESULT
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -1021,11 +1128,21 @@ Status code can be one of the following:
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Value type is int. Supported operation is Get.
<!--/Policy-->
<!--Policy-->
<a href="" id="status-rotaterecoverypasswordsrequestid"></a>**Status/RotateRecoveryPasswordsRequestID**
<!--Description-->
This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
@ -1046,6 +1163,9 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Value type is string. Supported operation is Get.
### SyncML example
@ -1210,4 +1330,5 @@ The following example is provided to show proper format and should not be taken
<Final/>
</SyncBody>
</SyncML>
```
```
<!--/Policy-->

50
windows/client-management/mdm/dmclient-csp.md
View File

@ -1,6 +1,6 @@
---
title: DMClient CSP
description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings.
description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544
ms.reviewer:
manager: dansimp
@ -15,9 +15,9 @@ ms.date: 11/01/2017
# DMClient CSP
The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment.
The DMClient configuration service provider (CSP) is used to specify additional enterprise-specific mobile device management (MDM) configuration settings for identifying the device in the enterprise domain, for security mitigation for certificate renewal, and for server-triggered enterprise unenrollment.
The following diagram shows the DMClient configuration service provider in tree format.
The following diagram shows the DMClient CSP in tree format.
![dmclient csp](images/provisioning-csp-dmclient-th2.png)
@ -25,7 +25,7 @@ The following diagram shows the DMClient configuration service provider in tree
Root node for the CSP.
<a href="" id="updatemanagementserviceaddress"></a>**UpdateManagementServiceAddress**
For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You cannot add new servers to the list using this node.
<a href="" id="hwdevid"></a>**HWDevID**
Added in Windows 10, version 1703. Returns the hardware device ID.
@ -45,16 +45,17 @@ For Intune, use **MS DM Server** for Windows desktop or **SCConfigMgr** for Wind
Supported operations are Get and Add.
<a href="" id="provider-providerid-entdevicename"></a>**Provider/*ProviderID*/EntDeviceName**
Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process by way of the DMClient configuration service provider. You can retrieve it later during an OMA DM session.
Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process by way of the DMClient CSP. You can retrieve it later during an OMA DM session.
Supported operations are Get and Add.
<a href="" id="provider-providerid-entdmid"></a>**Provider/*ProviderID*/EntDMID**
Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process by way of the DMClient configuration service provider. You can retrieve it later during an OMA DM session.
Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process by way of the DMClient CSP. You can retrieve it later during an OMA DM session.
Supported operations are Get and Add.
> **Note**   Although hardware device IDs are guaranteed to be unique, there is a concern that this is not ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION configuration service providers **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
> [!NOTE]
> Although hardware device IDs are guaranteed to be unique, there is a concern that this is not ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSPs **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
This node is required and must be set by the server before the client certificate renewal is triggered.
@ -62,7 +63,8 @@ This node is required and must be set by the server before the client certificat
<a href="" id="provider-providerid-exchangeid"></a>**Provider/*ProviderID*/ExchangeID**
Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that is managed by exchange and natively managed by a dedicated management server.
> **Note**  In some cases for the desktop, this node will return "not found" until the user sets up their email.
> [!NOTE]
> In some cases for the desktop, this node will return "not found" until the user sets up their email.
@ -87,7 +89,7 @@ The following is a Get command example.
Supported operation is Get.
<a href="" id="provider-providerid-signedentdmid"></a>**Provider/*ProviderID*/SignedEntDMID**
Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the mobile device management server to verify client identity in order to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally.
Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the MDM server to verify client identity in order to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally.
Supported operation is Get.
@ -99,11 +101,12 @@ Supported operation is Get.
<a href="" id="provider-providerid-managementserviceaddress"></a>**Provider/*ProviderID*/ManagementServiceAddress**
Required. The character string that contains the device management server address. It can be updated during an OMA DM session by the management server to allow the server to load balance to another server in situations where too many devices are connected to the server.
> **Note**  When the ManagementServerAddressList value is set, the device ignores the value in ManagementServiceAddress.
> [!NOTE]
> When the **ManagementServerAddressList** value is set, the device ignores the value.
The DMClient configuration service provider will save the address to the same location as the w7 and DMS configuration service providers to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION configuration service provider](w7-application-csp.md).
The DMClient CSP will save the address to the same location as the w7 and DMS CSPs to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION configuration service provider](w7-application-csp.md).
Starting in Windows 10, version 1511, this node supports multiple server addresses in the format &lt;URL1&gt;&lt;URL2&gt;&lt;URL3&gt;. If there is only a single URL, then the &lt;&gt; are not required. This is supported for both desktop and mobile devices.
@ -143,8 +146,8 @@ Supported operations are Get, Replace, and Delete.
<a href="" id="provider-providerid-syncapplicationversion"></a>**Provider/*ProviderID*/SyncApplicationVersion**
Optional. Used by the management server to set the DM session version that the server and device should use. Default is 1.0. In Windows 10, the DM session protocol version of the client is 2.0. If the server is updated to support 2.0, then you should set this value to 2.0. In the next session, check to see if there is a client behavior change between 1.0 and 2.0.
> **Note**  
This node is only supported in Windows 10 and later.
> [!NOTE]
> This node is only supported in Windows 10 and later.
Once you set the value to 2.0, it will not go back to 1.0.
@ -160,9 +163,9 @@ When you query this node, a Windows 10 client will return 2.0 and a Windows 8.
Supported operation is Get.
<a href="" id="provider-providerid-aadresourceid"></a>**Provider/*ProviderID*/AADResourceID**
Optional. This is the ResourceID used when requesting the user token from the OMA DM session for Azure Active Directory enrollments (AAD Join or Add Accounts). The token is audience specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you are trying to access.
Optional. This is the ResourceID used when requesting the user token from the OMA DM session for Azure Active Directory (Azure AD) enrollments (Azure AD Join or Add Accounts). The token is audience-specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you are trying to access.
For more information about Azure Active Directory enrollment, see [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
<a href="" id="provider-providerid-enableomadmkeepalivemessage"></a>**Provider/*ProviderID*/EnableOmaDmKeepAliveMessage**
Added in Windows 10, version 1511. A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow.
@ -203,7 +206,7 @@ Here is an example of DM message sent by the device when it is in pending state:
```
<a href="" id="provider-providerid-aaddeviceid"></a>**Provider/*ProviderID*/AADDeviceID**
Added in Windows 10, version 1607. Returns the device ID for the Azure Active Directory device registration.
Added in Windows 10, version 1607. Returns the device ID for the Azure AD device registration.
Supported operation is Get.
@ -223,9 +226,10 @@ Added in Windows 10, version 1607. Configures the identifier used to uniquely a
Supported operations are Add, Get, Replace, and Delete.
<a href="" id="provider-providerid-managementserveraddresslist"></a>**Provider/*ProviderID*/ManagementServerAddressList**
Added in Windows 10, version 1607. The list of management server URLs in the format &lt;URL1&gt;&lt;URL2&gt;&lt;URL3&gt;, etc... If there is only one, the angle brackets (&lt;&gt;) are not required.
Added in Windows 10, version 1607. The list of management server URLs in the format &lt;URL1&gt;&lt;URL2&gt;&lt;URL3&gt;, and so on. If there is only one, the angle brackets (&lt;&gt;) are not required.
> **Note**  The &lt; and &gt; should be escaped.
> [!NOTE]
> The &lt; and &gt; should be escaped.
@ -260,6 +264,7 @@ Optional. Number of days after last successful sync to unenroll.
Supported operations are Add, Delete, Get, and Replace. Value type is integer.
<a href="" id="provider-providerid-aadsenddevicetoken"></a>**Provider/*ProviderID*/AADSendDeviceToken**
Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this will cause the client to send a Device Token if the User Token can not be obtained.
Supported operations are Add, Delete, Get, and Replace. Value type is bool.
@ -377,7 +382,8 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
**Invalid poll schedule: disable all poll schedules**
> **Note**   Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero.
> [!NOTE]
> Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero.
@ -557,7 +563,7 @@ Optional. Not configurable during WAP Provisioning XML. If removed, DM sessions
Supported operations are Add and Delete.
<a href="" id="provider-providerid-push-pfn"></a>**Provider/*ProviderID*/Push/PFN**
Required. A string provided by the Windows 10 ecosystem for a Mobile Device Management solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it is managing.
Required. A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it is managing.
Supported operations are Add, Get, and Replace.
@ -665,7 +671,7 @@ Required. Added in Windows 10, version 1709. This node contains a list of LocURI
Supported operations are Add, Delete, Get, and Replace. Value type is string.
<a href="" id="provider-providerid-firstsyncstatus-expectedmsiapppackages"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package. We will not verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` This represents App Package ProductID1 containing 4 apps, and ProductID2 containing 2 apps.
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We will not verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` This represents App Package ProductID1 containing four apps, and ProductID2 containing two apps.
Supported operations are Add, Delete, Get, and Replace. Value type is string.
@ -677,7 +683,7 @@ Required. Added in Windows 10, version 1709. This node contains a list of LocURI
./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2
```
This represents App Package PackageFullName containing 4 apps, and PackageFullName2 containing 2 apps.
This represents App Package PackageFullName containing four apps, and PackageFullName2 containing two apps.
Supported operations are Add, Delete, Get, and Replace. Value type is string.

99
windows/client-management/mdm/eap-configuration.md
View File

@ -1,6 +1,6 @@
---
title: EAP configuration
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10.
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
ms.reviewer:
manager: dansimp
@ -15,46 +15,46 @@ ms.date: 06/26/2017
# EAP configuration
The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
## Create an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile
## Create an EAP configuration XML for a VPN profile
Here is an easy way to get the EAP configuration from your desktop using the rasphone tool that is shipped in the box.
To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box:
1. Run rasphone.exe.
![vpnv2 rasphone](images/vpnv2-csp-rasphone.png)
2. If you don't currently have any VPN connections and you see the following message, click **OK**.
1. If you don't currently have a VPN connection and you see the following message, select **OK**.
![vpnv2 eap configuration](images/vpnv2-csp-networkconnections.png)
3. Select **Workplace network** in the wizard.
1. In the wizard, select **Workplace network**.
![vpnv2 eap configuration](images/vpnv2-csp-setupnewconnection.png)
4. Enter any dummy information for the internet address and connection name. These can be fake since it does not impact the authentication parameters.
1. Enter an Internet address and connection name. These can be fake since it does not impact the authentication parameters.
![vpnv2 eap configuration](images/vpnv2-csp-setupnewconnection2.png)
5. Create a fake VPN connection. In the UI shown below, click **Properties**.
1. Create a fake VPN connection. In the UI shown here, select **Properties**.
![vpnv2 eap configuration](images/vpnv2-csp-choosenetworkconnection.png)
6. In the **Test Properties** dialog, click the **Security** tab.
1. In the **Test Properties** dialog, select the **Security** tab.
![vpnv2 eap configuration](images/vpnv2-csp-testproperties.png)
7. In the **Security** tab, select **Use Extensible Authentication Protocol (EAP)** radio button.
1. On the **Security** tab, select **Use Extensible Authentication Protocol (EAP)**.
![vpnv2 eap configuration](images/vpnv2-csp-testproperties2.png)
8. From the drop down menu, select the EAP method that you want to configure. Then click **Properties** to configure as needed.
1. From the drop-down menu, select the EAP method that you want to configure, and then select **Properties** to configure as needed.
![vpnv2 eap configuration](images/vpnv2-csp-testproperties3.png)![vpnv2 eap configuration](images/vpnv2-csp-testproperties4.png)
9. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
1. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
```powershell
Get-VpnConnection -Name Test
@ -88,7 +88,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
$a.EapConfigXmlStream.InnerXml
```
Here is an example output
Here is an example output.
```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.co
@ -106,7 +106,8 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
/></FilteringInfo></TLSExtensions></EapType></Eap></Config></EapHostConfig>
```
**Note**  You should check with MDM vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
> [!NOTE]
> You should check with mobile device management (MDM) vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
- C:\\Windows\\schemas\\EAPHost
- C:\\Windows\\schemas\\EAPMethods
@ -115,46 +116,45 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
## EAP certificate filtering
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate.
Enterprises deploying certificate based EAP authentication for VPN/Wi-Fi can face a situation where there are multiple certificates that meet the default criteria for authentication. This can lead to issues such as:
Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This can lead to issues such as:
- The user may be prompted to select the certificate.
- The wrong certificate may get auto selected and cause an authentication failure.
- The user might be prompted to select the certificate.
- The wrong certificate might be auto-selected and cause an authentication failure.
A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP Configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
EAP XML must be updated with relevant information for your environment. This can be done manually by editing the following XML sample, or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
- For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You might need to refer to your MDMs guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
- For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags you will find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDMs guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
For information about EAP Settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>
For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
For information about generating an EAP XML, see EAP configuration
For information about generating an EAP XML, see the EAP configuration article.
For more information about extended key usage, see <http://tools.ietf.org/html/rfc5280#section-4.2.1.12>
For more information about extended key usage (EKU), see <http://tools.ietf.org/html/rfc5280#section-4.2.1.12>.
For information about adding extended key usage (EKU) to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>
For information about adding EKU to a certificate, see <https://technet.microsoft.com/library/cc731792.aspx>.
The following list describes the prerequisites for a certificate to be used with EAP:
- The certificate must have at least one of the following EKU (Extended Key Usage) properties:
- The certificate must have at least one of the following EKU properties:
- Client Authentication
- As defined by RFC 5280, this is a well-defined OID with Value 1.3.6.1.5.5.7.3.2
- Any Purpose
- An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose
- As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client chains to a trusted root CA
- Client Authentication. As defined by RFC 5280, this is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
- Any Purpose. This is an EKU defined and published by Microsoft, and is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that additional non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose. As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but does not want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client must chain to a trusted root CA.
- The user or the computer certificate does not fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
- The user or the computer certificate does not fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
- The Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN) of the user.
The following XML sample explains the properties for the EAP TLS XML including certificate filtering.
The following XML sample explains the properties for the EAP TLS XML, including certificate filtering.
> **Note**  For PEAP or TTLS Profiles the EAP TLS XML is embedded within some PEAP or TTLS specific elements.
> [!NOTE]
> For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.
 
@ -257,35 +257,38 @@ The following XML sample explains the properties for the EAP TLS XML including c
</EapHostConfig>
```
> **Note**  The EAP TLS XSD is located at **%systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd**
> [!NOTE]
> The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.
 
Alternately you can use the following procedure to create an EAP Configuration XML.
Alternatively, you can use the following procedure to create an EAP configuration XML:
1. Follow steps 1 through 7 in the EAP configuration topic.
2. In the Microsoft VPN SelfHost Properties dialog box, select **Microsoft : Smart Card or other Certificate** from the drop down (this selects EAP TLS.)
1. Follow steps 1 through 7 in the EAP configuration article.
1. In the **Microsoft VPN SelfHost Properties** dialog box, select **Microsoft: Smart Card or other Certificate** from the drop-down menu (this selects EAP TLS).
![vpn self host properties window](images/certfiltering1.png)
**Note**  For PEAP or TTLS, select the appropriate method and continue following this procedure.
> [!NOTE]
> For PEAP or TTLS, select the appropriate method and continue following this procedure.
 
3. Click the **Properties** button underneath the drop down menu.
4. In the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
1. Select the **Properties** button underneath the drop-down menu.
1. On the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
![smart card or other certificate properties window](images/certfiltering2.png)
5. In the **Configure Certificate Selection** menu, adjust the filters as needed.
1. On the **Configure Certificate Selection** menu, adjust the filters as needed.
![configure certificate window](images/certfiltering3.png)
6. Click **OK** to close the windows to get back to the main rasphone.exe dialog box.
7. Close the rasphone dialog box.
8. Continue following the procedure in the EAP configuration topic from Step 9 to get an EAP TLS profile with appropriate filtering.
1. Select **OK** to close the windows and get back to the main rasphone.exe dialog box.
1. Close the rasphone dialog box.
1. Continue following the procedure in the EAP configuration article from step 9 to get an EAP TLS profile with appropriate filtering.
> **Note**  You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) topic.
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) article.
 

8
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -120,9 +120,6 @@ Requirements:
> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed.
The default behavior for older releases is to revert to **User Credential**.
> [!NOTE]
> Device credential group policy setting is not supported for enrolling into Microsoft Intune.
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
@ -174,7 +171,7 @@ Requirements:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or
> 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all)
> 2. Install the package on the Primary Domain Controller (PDC).
> 2. Install the package on the Domain Controller.
> 3. Navigate, depending on the version to the folder:
> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or
> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**, or
@ -182,14 +179,13 @@ Requirements:
> 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
> 5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.
> (If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain).
> 6. Restart the Primary Domain Controller for the policy to be available.
> 6. Restart the Domain Controller for the policy to be available.
> This procedure will work for any future version as well.
1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
2. Create a Security Group for the PCs.
3. Link the GPO.
4. Filter using Security Groups.
5. Enforce a GPO link.
## Troubleshoot auto-enrollment of devices

22
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -15,6 +15,8 @@ ms.date: 07/18/2019
# Policy CSP
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
@ -615,6 +617,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-bluetooth.md#bluetooth-servicesallowedlist" id="bluetooth-servicesallowedlist">Bluetooth/ServicesAllowedList</a>
</dd>
<dd>
<a href="./policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize"id=bluetooth-setminimumencryptionkeysize>Bluetooth/SetMinimumEncryptionKeySize</a>
</dd>
</dl>
### Browser policies
@ -3328,6 +3333,23 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-storage.md#storage-allowdiskhealthmodelupdates" id="storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-allowstoragesenseglobal"id="storage-allowstoragesenseglobal">Storage/AllowStorageSenseGlobal</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup"id="storage-allowstoragesensetemporaryfilescleanup">Storage/AllowStorageSenseTemporaryFilesCleanup</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold"id="storage-configstoragesensecloudcontentdehydrationthreshold">Storage/ConfigStorageSenseCloudContentDehydrationThreshold</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold"id="storage-configstoragesensedownloadscleanupthreshold">Storage/ConfigStorageSenseDownloadsCleanupThreshold</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-configstoragesenseglobalcadence"id="storage-configstoragesenseglobalcadence">Storage/ConfigStorageSenseGlobalCadence</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-configstoragesenserecyclebincleanupthreshold"id="storage-configstoragesenserecyclebincleanupthreshold">Storage/ConfigStorageSenseRecycleBinCleanupThreshold</a>
<dd>
<a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd>

75
windows/client-management/mdm/policy-csp-bluetooth.md
View File

@ -7,14 +7,15 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.date: 02/12/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - Bluetooth
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
@ -40,6 +41,9 @@ manager: dansimp
<dd>
<a href="#bluetooth-servicesallowedlist">Bluetooth/ServicesAllowedList</a>
</dd>
<dd>
<a href="#bluetooth-setminimumencryptionkeysize">Bluetooth/SetMinimumEncryptionKeySize</a>
</dd>
</dl>
@ -390,6 +394,72 @@ The default value is an empty string. For more information, see [ServicesAllowed
<!--/Description-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="bluetooth-setminimumencryptionkeysize"></a>**Bluetooth/SetMinimumEncryptionKeySize**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>7</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Added in the next major release of Windows 10.
There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - All Bluetooth traffic is allowed.
- N - A number from 1 through 16 representing the bytes that must be used in the encryption process. Currently, 16 is the largest allowed value for N and 16 bytes is the largest key size that Bluetooth supports. If you want to enforce Windows to always use Bluetooth encryption, ignoring the precise encryption key strength, use 1 as the value for N.
For more information on allowed key sizes, refer to Bluetooth Core Specification v5.1.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
Footnotes:
@ -400,6 +470,7 @@ Footnotes:
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
- 7 - Added in the next major release of Windows 10.
<!--/Policies-->

1
windows/client-management/mdm/vpnv2-profile-xsd.md
View File

@ -194,7 +194,6 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
<NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication>
<UserMethod>Eap</UserMethod>
<MachineMethod>Eap</MachineMethod>
<Eap>
<Configuration>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">

2
windows/client-management/troubleshoot-stop-errors.md
View File

@ -59,7 +59,7 @@ To troubleshoot Stop error messages, follow these general steps:
3. Run the [Machine Memory Dump Collector](https://home.diagnostics.support.microsoft.com/selfhelp?knowledgebasearticlefilter=2027760&wa=wsignin1.0) Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions.
4. Run [Microsoft Safety Scanner](http://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections.
4. Run [Microsoft Safety Scanner](https://www.microsoft.com/security/scanner/en-us/default.aspx) or any other virus detection program that includes checks of the Master Boot Record for infections.
5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 1015 percent free disk space.

4
windows/client-management/troubleshoot-windows-freeze.md
View File

@ -251,7 +251,7 @@ If the physical computer is still running in a frozen state, follow these steps
Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx).
Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](https://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx).
### Use memory dump to collect data for the virtual machine that's running in a frozen state
@ -284,4 +284,4 @@ On Windows Server 2008, you may not have enough free disk space to generate a co
Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028).
For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx).
For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](https://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx).

3
windows/deployment/update/windows-as-a-service.md
View File

@ -1,7 +1,6 @@
---
title: Windows as a service
ms.prod: windows-10
layout: LandingPage
ms.prod: windows-10
ms.topic: landing-page
ms.manager: elizapo
audience: itpro

4
windows/deployment/volume-activation/install-vamt.md
View File

@ -32,8 +32,8 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Requirements
- [Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access and all updates applied
- [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036)
- [Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied
- [Windows 10, version 1903 ADK](https://go.microsoft.com/fwlink/?linkid=2086042)
- [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express)
- alternatively any full SQL instance e.g. SQL Server 2014 or newer incl. CU / SP

5
windows/deployment/windows-autopilot/add-devices.md
View File

@ -135,7 +135,7 @@ A summary of each platform's capabilities is provided below.<br>
</tr>
<tr>
<td><a href="https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles">Microsoft Store for Business</a><b><sup>4</sup></b></td>
<td><a href="https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles">Microsoft Store for Business</a></td>
<td>YES - 1000 at a time max</td>
<td>YES<b><sup>4</sup></b></td>
<td>4K HH</td>
@ -153,7 +153,8 @@ A summary of each platform's capabilities is provided below.<br>
><b><sup>1</sup></b>Microsoft recommended platform to use<br>
><b><sup>2</sup></b>Intune license required<br>
><b><sup>3</sup></b>Feature capabilities are limited<br>
><b><sup>4</sup></b>To be retired<br>
><b><sup>4</sup></b>Device profile assignment will be retired from MSfB and Partner Center in the coming months<br>
Also see the following topics for more information about device IDs:
- [Device identification](#device-identification)

5
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -204,8 +204,11 @@ See the following examples.
- <u>Enable the account and specify the local administrator password</u>: Optional.
- Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**.
> [!IMPORTANT]
> The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which uses the System Preparation Tool (sysprep). This action will fail if the target machine is joined to a domain.
>[!IMPORTANT]
>The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain.
> The System Preparation Tool (sysprep) will run with the /Generalize parameter which, on Windows 10 versions 1903 and 1909, will delete the Autopilot profile file and the machine will boot into OOBE phase instead of Autopilot phase. To fix this issue, please see [Windows Autopilot - known issues](https://docs.microsoft.com/windows/deployment/windows-autopilot/known-issues).
5. Click **Next** and then click **Next** again to accept the default settings on the Install Configuration Manager page.
6. On the State Migration page, enter the following details:

10
windows/release-information/resolved-issues-windows-10-1507.yml
View File

@ -33,7 +33,6 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -52,12 +51,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a>.</div><br><a href ='#351msg'>Back to top</a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a>.&nbsp;This optional update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"

12
windows/release-information/resolved-issues-windows-10-1607.yml
View File

@ -36,8 +36,6 @@ sections:
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 14393.3206<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522010' target='_blank'>KB4522010</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 14393.3204<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 17, 2019 <br>04:47 PM PT</td></tr>
<tr><td><div id='301msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br>Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.<br><br><a href = '#301msgdesc'>See details ></a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>September 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -64,16 +62,6 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516044' target='_blank'>KB4516044</a></td><td>Resolved:<br>September 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a>.&nbsp;This optional update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

20
windows/release-information/resolved-issues-windows-10-1709.yml
View File

@ -35,8 +35,6 @@ sections:
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534318' target='_blank'>KB4534318</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 16299.1392<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522012' target='_blank'>KB4522012</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -65,21 +63,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#336msg'>Back to top</a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.&nbsp;The optional update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

20
windows/release-information/resolved-issues-windows-10-1803.yml
View File

@ -38,8 +38,6 @@ sections:
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 17134.1009<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522014' target='_blank'>KB4522014</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
<tr><td><div id='325msg'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><br>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"<br><br><a href = '#325msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 03, 2019 <br>12:32 PM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -71,24 +69,6 @@ sections:
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a>.&nbsp;The optional update will be available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>Resolved:<br>August 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>Resolved:<br>August 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"
- title: June 2019
- items:
- type: markdown

12
windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
View File

@ -39,8 +39,6 @@ sections:
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 17763.740<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522015' target='_blank'>KB4522015</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='301msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br>Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.<br><br><a href = '#301msgdesc'>See details ></a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -78,16 +76,6 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='301msgdesc'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><div>&nbsp;Applications and scripts that call the <a href=\"https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation\" target=\"_blank\">NetQueryDisplayInformation</a> API or the <a href=\"https://docs.microsoft.com/en-us/windows/win32/adsi/adsi-winnt-provider\" target=\"_blank\">WinNT provider</a> equivalent may fail to return results after the first page of data, often 50 or 100 entries.&nbsp;When requesting additional pages you may receive the error, “1359: an internal error occurred.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a>.</div><br><a href ='#301msg'>Back to top</a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516077' target='_blank'>KB4516077</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>August 01, 2019 <br>05:00 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a>.&nbsp;This optional update is available on Microsoft Update Catalog, Windows Update, Microsoft Update and Windows Server Update Services (WSUS). As with any 'optional' update, you will need to <strong>Check for updates</strong> to receive <a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a> and install. For instructions, see <a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>.</div><div><br></div><div><strong>Note</strong> Windows Update for Business customers should apply the update via Microsoft Update Catalog or Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

12
windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -38,8 +38,6 @@ sections:
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='329msg'></div><b>You may receive an error when opening or using the Toshiba Qosmio AV Center</b><br>Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.<br><br><a href = '#329msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='307msg'></div><b>Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV</b><br>Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed<br><br><a href = '#307msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved External<br></td><td>August 27, 2019 <br>02:29 PM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512514' target='_blank'>KB4512514</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -93,15 +91,5 @@ sections:
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='307msgdesc'></div><b>Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV</b><div>Symantec identified the potential for a negative interaction that may occur after Windows Updates code signed with SHA-2 only certificates are installed on devices with Symantec or Norton antivirus programs installed. The software may not correctly identify files included in the update as code signed by Microsoft, putting the device at risk for a delayed or incomplete update.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>The safeguard hold has been removed.&nbsp;Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs. See the <a href=\"https://support.symantec.com/us/en/article.tech255857.html\" target=\"_blank\">Symantec support article</a> for additional detail and please reach out to Symantec or Norton support if you encounter any issues.</div><br><a href ='#307msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved External<br></td><td>Last updated:<br>August 27, 2019 <br>02:29 PM PT<br><br>Opened:<br>August 13, 2019 <br>10:05 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a>.&nbsp;The optional update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512514' target='_blank'>KB4512514</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512514' target='_blank'>KB4512514</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

20
windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -35,8 +35,6 @@ sections:
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='333msg'></div><b>Windows RT 8.1 devices may have issues opening Internet Explorer 11</b><br>On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.<br><br><a href = '#333msgdesc'>See details ></a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516067' target='_blank'>KB4516067</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512478' target='_blank'>KB4512478</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -65,21 +63,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='333msgdesc'></div><b>Windows RT 8.1 devices may have issues opening Internet Explorer 11</b><div>On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\"</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows RT 8.1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a>.</div><br><a href ='#333msg'>Back to top</a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516067' target='_blank'>KB4516067</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516041' target='_blank'>KB4516041</a></td><td>Resolved:<br>September 24, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a>.&nbsp;The optional update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512478' target='_blank'>KB4512478</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512478' target='_blank'>KB4512478</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

20
windows/release-information/resolved-issues-windows-server-2008-sp2.yml
View File

@ -36,8 +36,6 @@ sections:
<tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
<tr><td><div id='327msg'></div><b>Issues manually installing updates by double-clicking the .msu file</b><br>You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.<br><br><a href = '#327msgdesc'>See details ></a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>September 23, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516030' target='_blank'>KB4516030</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -75,21 +73,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516030' target='_blank'>KB4516030</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a>.&nbsp;The optional update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

20
windows/release-information/resolved-issues-windows-server-2012.yml
View File

@ -34,8 +34,6 @@ sections:
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516069' target='_blank'>KB4516069</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -63,21 +61,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='351msgdesc'></div><b>Intermittent issues when printing</b><div>Applications and printer drivers&nbsp;that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:</div><ul><li>Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app&nbsp;interacts with the print driver.</li><li>The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing.&nbsp;Only part of the print job might print and the rest might be canceled or error.</li></ul><div></div><div><strong>Note </strong>This issue also affects the Internet Explorer Cumulative Update <a href=\"https://support.microsoft.com/help/4522007/\" target=\"_blank\">KB4522007</a>, release September 23, 2019.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a>. If you are using Security Only updates, see&nbsp;<a href=\"https://support.microsoft.com/help/4519974\" target=\"_blank\">KB4519974</a>&nbsp;for resolving KB for your platform.</div><br><a href ='#351msg'>Back to top</a></td><td>September 24, 2019<br><a href ='https://support.microsoft.com/help/4516069' target='_blank'>KB4516069</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 30, 2019 <br>06:26 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='315msgdesc'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><div>After installing <a href='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a>, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an \"invalid procedure call error.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a>.&nbsp;The optional update is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).</div><br><a href ='#315msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>August 14, 2019 <br>03:34 PM PT</td></tr>
</table>
"
- title: July 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-10-1507.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 10240.18368<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='196msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#196msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
@ -78,7 +78,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
View File

@ -60,8 +60,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='61msg'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><br>Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.<br><br><a href = '#61msgdesc'>See details ></a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Resolved External<br></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 14393.3274<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='195msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#195msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -81,8 +81,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1709.yml
View File

@ -60,8 +60,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534318' target='_blank'>KB4534318</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 16299.1451<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='193msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#193msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -80,8 +80,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1803.yml
View File

@ -64,8 +64,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534308' target='_blank'>KB4534308</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17134.1069<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='192msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -84,8 +84,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -64,8 +64,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4534321' target='_blank'>KB4534321</a></td><td>January 23, 2020 <br>02:00 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
@ -85,8 +85,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1903.yml
View File

@ -64,8 +64,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
</table>
@ -83,8 +83,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1909.yml
View File

@ -64,8 +64,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='393msg'></div><b>“Reset this PC” feature might fail</b><br>“Reset this PC” feature is also called “Push Button Reset” or PBR.<br><br><a href = '#393msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4524244</b><br>You might encounter issues trying to install or after installing KB4524244<br><br><a href = '#392msgdesc'>See details ></a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
</table>
"
@ -82,8 +82,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2019<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='393msgdesc'></div><b>“Reset this PC” feature might fail</b><div>Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail.&nbsp;You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Workaround: </strong>The standalone security update, <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.</div><div><br></div><div>If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li><li>Upon restart use the “Reset this PC” feature and you should not encounter this issue.</li></ol><div><br></div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#393msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4524244</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>N/A <br>February 11, 2020<br><a href ='https://support.microsoft.com/help/4524244' target='_blank'>KB4524244</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +79,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-server-2012.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td><div id='392msg'></div><b>You might encounter issues with KB4502496</b><br>You might encounter issues trying to install or after installing KB4502496<br><br><a href = '#392msgdesc'>See details ></a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 15, 2020 <br>01:22 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +79,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>12:02 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='392msgdesc'></div><b>You might encounter issues with KB4502496</b><div>You might encounter issues trying to install or after installing <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>To help a sub-set of affected devices, the standalone security update (<a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a>) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog.&nbsp;<strong>Note</strong> This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates.</div><div><br></div><div>If this update is installed and you are experiencing issues, you can uninstall this update.</div><ol><li>Select the start button or Windows Desktop Search and type <strong>update history </strong>and select <strong>View your Update history</strong>.</li><li>On the <strong>Settings/View update history</strong> dialog window, Select <strong>Uninstall Updates</strong>.</li><li>On the <strong>Installed Updates</strong> dialog window, find and select <a href='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a> and select the <strong>Uninstall</strong> button.</li><li>Restart your device.</li></ol><div>&nbsp;</div><div><strong>Next steps: </strong>We are working on an improved version of this update in coordination with our partners and will release it in a future update.</div><br><a href ='#392msg'>Back to top</a></td><td>February 11, 2020<br><a href ='https://support.microsoft.com/help/4502496' target='_blank'>KB4502496</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>February 15, 2020 <br>01:22 AM PT<br><br>Opened:<br>February 15, 2020 <br>12:02 AM PT</td></tr>
</table>
"

5
windows/release-information/windows-message-center.yml
View File

@ -50,10 +50,11 @@ sections:
text: "
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
<tr><td id='394'><b>Status of February 2020 “C” release</b><a class='docon docon-link heading-anchor' aria-labelledby='394' href='#394'></a><br><div>The optional monthly “C” release for February 2020 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow <a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\"><u>@WindowsUpdate</u></a> for the latest on the availability of this release.</div></td><td>February 21, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='391'><a href = 'https://support.microsoft.com/help/4542617' target='_blank'><b>Compatibility issue with some Windows Server container images</b></a><a class='docon docon-link heading-anchor' aria-labelledby='391' href='#391'></a><br><div>If you are encountering issues with Windows Server container images, please see <a href=\"https://support.microsoft.com/help/4542617\" rel=\"noopener noreferrer\" target=\"_blank\">KB4542617</a>.</div></td><td>February 13, 2020 <br>03:21 PM PT</td></tr>
<tr><td id='389'><a href = 'https://support.microsoft.com/help/4532693' target='_blank'><b>Take action: February 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='389' href='#389'></a><br><div>The February 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='388'><b>Take action: ESU security updates available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2</b><a class='docon docon-link heading-anchor' aria-labelledby='388' href='#388'></a><br><div>Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 reached end of support on January 14, 2020. For customers who have purchased Extended Security Updates (ESU), the first monthly ESU security updates are now available. If your organization has&nbsp;not yet been able to complete your transition to Windows 10, Windows Server 2016, or Windows Server 2019 and want to continue to receive security updates for your current version of Windows, you will need to purchase Extended Security Updates. For information on how to do so, please see <a href=\"https://aka.ms/Windows7ESU\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>, Windows 7 <a href=\"https://support.microsoft.com/help/4527873\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently ask questions</a>, and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 <a href=\"https://www.microsoft.com/en-us/cloud-platform/extended-security-updates\" rel=\"noopener noreferrer\" target=\"_blank\">ESU frequently asked questions</a>.</div><div><br></div><div>We recommend ESU customers review the applicable KB article below for prerequisites and other important information you will need to deploy these updates.</div><div><br></div><div>The following updates were released today for Windows Server 2008 SP2:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538484\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538484</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537810\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537810</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537822\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537822</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537830\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537830</a>)</li><li>Internet Explorer 9 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul><div></div><div>The following updates were released today for Windows 7 SP1 and Windows Server 2008 R2 SP1:</div><ul><li>Extended Security Updates (ESU) Licensing Preparation Package (<a href=\"https://support.microsoft.com/help/4538483\" rel=\"noopener noreferrer\" target=\"_blank\">KB4538483</a>)</li><li>Monthly Rollup (<a href=\"https://support.microsoft.com/help/4537820\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537820</a>)</li><li>Security Only (<a href=\"https://support.microsoft.com/help/4537813\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537813</a>)</li><li>Servicing Stack Update (<a href=\"https://support.microsoft.com/help/4537829\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537829</a>)</li><li>Internet Explorer 11 Cumulative Updates (<a href=\"https://support.microsoft.com/help/4537767\" rel=\"noopener noreferrer\" target=\"_blank\">KB4537767</a>)</li></ul></td><td>February 11, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='387'><b>Resolved: Windows Search shows blank box</b><a class='docon docon-link heading-anchor' aria-labelledby='387' href='#387'></a><br><div>We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved&nbsp;for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved.&nbsp;</div><div><br></div><div>This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select <strong>CTRL + Shift + Esc </strong>then select the <strong>Details </strong>tab.)</div></td><td>February 05, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='387'><b>Resolved: Windows Search shows blank box</b><a class='docon docon-link heading-anchor' aria-labelledby='387' href='#387'></a><br><div>We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved&nbsp;for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved.&nbsp;</div><div><br></div><div>This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, to mitigate this issue you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select <strong>CTRL + Shift + Esc </strong>then select the <strong>Details </strong>tab.) If you have restarted and tried the previous mitigations and are still encountering issues with Windows Search, you are not experiencing the issue described here. Please see <a href=\"https://support.microsoft.com/help/4520146\" rel=\"noopener noreferrer\" target=\"_blank\" style=\"\">Fix problems in Windows Search</a> for other mitigations.</div></td><td>February 05, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='385'><a href = 'https://support.microsoft.com/help/4532695' target='_blank'><b>January 2020 Windows 10, version 1909 \"D\" optional release is available.</b></a><a class='docon docon-link heading-anchor' aria-labelledby='385' href='#385'></a><br><div>The January<strong> </strong>2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 28, 2020 <br>08:00 AM PT</td></tr>
<tr><td id='383'><b>January 2020 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='383' href='#383'></a><br><div>The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 23, 2020 <br>12:00 PM PT</td></tr>
<tr><td id='382'><a href = 'https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/' target='_blank'><b>Windows 7 has reached end of support</b></a><a class='docon docon-link heading-anchor' aria-labelledby='382' href='#382'></a><br><div>Windows&nbsp;7 reached end of support on January 14, 2020. If your organization has&nbsp;not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read <a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/how-to-get-extended-security-updates-for-eligible-windows/ba-p/917807\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\">Windows lifecycle fact sheet</a>.</div></td><td>January 15, 2020 <br>10:00 AM PT</td></tr>
@ -83,8 +84,6 @@ sections:
<tr><td id='320'><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297' target='_blank'><b>Take Action: Internet Explorer 11 now available on Windows Update/WSUS for Windows Server 2012 and Windows Embedded 8 Standard</b></a><a class='docon docon-link heading-anchor' aria-labelledby='320' href='#320'></a><br><div>Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4492872\" target=\"_blank\">KB 4492872</a>) is now available via Windows Update (WU) and Windows Server Update Services (WSUS) for commercial customers running Windows Server 2012 and Windows Embedded 8 Standard. For details about these changes and end of support for IE10, please refer to the&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297\" target=\"_blank\">IT Pro blog</a>.&nbsp;</div></td><td>August 29, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='309'><a href = 'https://support.microsoft.com/help/4472027' target='_blank'><b>Take action: SHA-2 code signing support guidance for Windows 7 SP1 and Windows Server 2008 RS2 SP1</b></a><a class='docon docon-link heading-anchor' aria-labelledby='309' href='#309'></a><br><div>Windows 7 SP1 and Windows Server 2008 R2 SP1 update signatures are now SHA-2 based signatures and requires that SHA-2 support to be installed. For important customer guidance on installation and troubleshooting tips, please read the knowledge base article <a href=\"https://support.microsoft.com/help/4472027\" target=\"_blank\">2019 SHA-2 Code Signing Support requirement for Windows and WSUS</a>.</div></td><td>August 23, 2019 <br>03:35 PM PT</td></tr>
<tr><td id='319'><b>Take action: Windows 10, version 1703 (the Windows 10 Creators Update) reaches end of life on October 9, 2019 </b><a class='docon docon-link heading-anchor' aria-labelledby='319' href='#319'></a><br><div>The Enterprise and Education editions of Windows 10, version 1703 (the Windows 10 Creators Update) will reach end of life on October 9, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions reached end of service on October 8, 2018.</div><div><br></div><div>There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats.</div><div><br></div><div>To continue receiving security and quality updates, Microsoft recommends that you update your devices to the latest version of Windows 10. For more information on end of service dates and currently supported versions of Windows 10, see the <a href=\"https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet\" target=\"_blank\">Windows lifecycle fact sheet</a>.</div></td><td>August 23, 2019 <br>02:17 PM PT</td></tr>
<tr><td id='318'><b>Resolved: Delays starting Internet Explorer 11</b><a class='docon docon-link heading-anchor' aria-labelledby='318' href='#318'></a><br><div>On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates.&nbsp;Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state,&nbsp;we recommend you install the latest monthly update.</div><div><br></div><div>This issue was resolved on the server side at 1:00 pm PST.&nbsp;</div></td><td>August 16, 2019 <br>04:00 PM PT</td></tr>
<tr><td id='312'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162' target='_blank'><b>Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162)</b></a><a class='docon docon-link heading-anchor' aria-labelledby='312' href='#312'></a><br><div>On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see <a href='https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162' target='_blank'>CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability</a></div></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='262'><a href = 'https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update/#1P75kJB6T5OhySyo.97' target='_blank'><b>Windows 10, version 1903 rollout begins</b></a><a class='docon docon-link heading-anchor' aria-labelledby='262' href='#262'></a><br>The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback.</td><td>May 21, 2019 <br>10:00 AM PT</td></tr>
</table>
"

2
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -141,7 +141,7 @@ You can also check that Windows Defender Credential Guard is running by using th
DG_Readiness_Tool_v3.6.ps1 -Ready
```
> [!IMPORTANT]
> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
> This is a known issue.
> [!NOTE]

4
windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
View File

@ -33,12 +33,14 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
|If your organization uses... |Add these entries to your Enterprise Cloud Resources network setting<br>(Replace "contoso" with your domain name(s)|
|-----------------------------|---------------------------------------------------------------------|
|Office 365 for Business |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>teams.microsoft.com</li></ul> |
|Sharepoint Online |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li></ul> |
|Yammer |<ul><li>www.yammer.com</li><li>yammer.com</li><li>persona.yammer.com</li></ul> |
|Outlook Web Access (OWA) |<ul><li>outlook.office.com</li><li>outlook.office365.com</li><li>attachments.office.net</li></ul> |
|Microsoft Dynamics |contoso.crm.dynamics.com |
|Visual Studio Online |contoso.visualstudio.com |
|Power BI |contoso.powerbi.com |
|Microsoft Teams |teams.microsoft.com |
|Other Office 365 services |<ul><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>project.microsoft.com</li></ul> |
You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both.

12
windows/security/threat-protection/TOC.md
View File

@ -103,12 +103,11 @@
###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
###### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
### [Automated investigation and remediation]()
#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
#### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
### [Automated investigation and remediation (AIR)]()
#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)
#### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
### [Secure score](microsoft-defender-atp/overview-secure-score.md)
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
### [Advanced hunting]()
@ -510,7 +509,7 @@
#### [Pull detections to your SIEM tools]()
#### [Raw data streaming API]()
##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md)
##### [Raw data streaming](microsoft-defender-atp/raw-data-export.md)
##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md)
##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md)
@ -571,7 +570,6 @@
#### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
#### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
#### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
#### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
#### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
### [Permissions]()

8
windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
View File

@ -32,14 +32,6 @@ Audit Filtering Platform Policy Change allows you to audit events generated by c
Windows Filtering Platform (WFP) enables independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs).
This subcategory is outside the scope of this document.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|---------------------------------------------------------|
| Domain Controller | - | - | - | - | This subcategory is outside the scope of this document. |
| Member Server | - | - | - | - | This subcategory is outside the scope of this document. |
| Workstation | - | - | - | - | This subcategory is outside the scope of this document. |
- 4709(S): IPsec Services was started.
- 4710(S): IPsec Services was disabled.

19
windows/security/threat-protection/index.md
View File

@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
description: Learn how Microsoft Defender ATP helps protect against threats.
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting, cyber threat hunting, web threat protection
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, configuration score, advanced hunting, cyber threat hunting, web threat protection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -100,20 +100,17 @@ Endpoint detection and response capabilities are put in place to detect, investi
In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
- [Threat remediation](microsoft-defender-atp/automated-investigations.md#how-threats-are-remediated)
- [Manage automated investigation](microsoft-defender-atp/manage-auto-investigation.md)
- [Analyze automated investigation](microsoft-defender-atp/manage-auto-investigation.md#analyze-automated-investigations)
- [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
- [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
<a name="ss"></a>
**[Secure score](microsoft-defender-atp/overview-secure-score.md)**<br>
**[Configuration Score](microsoft-defender-atp/configuration-score.md)**<br>
>[!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) as [Configuration score](microsoft-defender-atp/configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
> Secure score is now part of [Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) as [Configuration score](microsoft-defender-atp/configuration-score.md).
Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Asset inventory](microsoft-defender-atp/secure-score-dashboard.md)
- [Recommended improvement actions](microsoft-defender-atp/secure-score-dashboard.md)
- [Secure score](microsoft-defender-atp/overview-secure-score.md)
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Configuration score](microsoft-defender-atp/configuration-score.md)
- [Threat analytics](microsoft-defender-atp/threat-analytics.md)
<a name="mte"></a>
@ -147,4 +144,4 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
<a name="mtp"></a>
**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**<br>
With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.
With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.

5
windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
View File

@ -108,6 +108,10 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct
>[!NOTE]
>You'll need to have the appropriate license to enable this feature.
## Microsoft Secure Score
Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning this feature on gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
### Enable the Microsoft Defender ATP integration from the Azure ATP portal
To receive contextual machine integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
@ -185,4 +189,3 @@ You'll have access to upcoming features which you can provide feedback on to hel
- [Update data retention settings](data-retention-settings.md)
- [Configure alert notifications](configure-email-notifications.md)
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
- [Enable Secure Score security controls](enable-secure-score.md)

8
windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
View File

@ -134,15 +134,15 @@ GUID: D4F940AB-401B-4EFC-AADC-AD5F3C50688A
### Block Office applications from creating executable content
This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating executable content.
This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk.
This rule targets a typical behavior where malware uses Office as a vector to break out of Office and save malicious components to disk, where they persist and survive a computer reboot. This rule prevents malicious code from being written to disk.
Malware that abuse Office as a vector may attempt to break out of Office and save malicious components to disk. These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique.
This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710
This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, SCCM CB 1710
Intune name: Office apps/macros creating executable content
Configuration Manager name: Block Office applications from creating executable content
SCCM name: Block Office applications from creating executable content
GUID: 3B576869-A4EC-4529-8536-B80A7769E899

154
windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
View File

@ -1,14 +1,14 @@
---
title: Manage actions related to automated investigation and remediation
description: Use the action center to manage actions related to automated investigation and response
title: View details and results of automated investigations
description: Use the action center to view details and results following an automated investigation
keywords: action, center, autoir, automated, investigation, response, remediation
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.author: deniseb
author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@ -16,36 +16,142 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Manage actions related to automated investigation and remediation
# View details and results of automated investigations
The Action center aggregates all investigations that require an action for an investigation to proceed or be completed.
Pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) are listed in the **Action center** ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and the **Investigations** page ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)).
![Image of Action center page](images/action-center.png)
>[!NOTE]
>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation.
The action center consists of two main tabs:
- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
- History - Acts as an audit log for:
- All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
- All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
- Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
## The Action center
Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
![Action center page](images/action-center.png)
The action center consists of two main tabs, as described in the following table.
|Tab |Description |
|---------|---------|
|Pending actions |Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. <br/><br/>**NOTE**: The Pending tab appears only if there are pending actions to be approved (or rejected). |
|History |Acts as an audit log for all of the following: <br/>- All actions taken by automated investigation and remediation in Microsoft Defender ATP <br/>Actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) <br/>- All commands ran and remediation actions that were applied in Live Response sessions (some actions can be undone) <br/>- Remediation actions that were applied by Windows Defender Antivirus (some actions can be undone) |
Use the **Customize columns** menu to select columns that you'd like to show or hide.
You can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
## The Investigations page
![Image of Auto investigations page](images/atp-auto-investigations-list.png)
On the **Investigations** page, you'll find a list of all automated investigations. Select an item in the list to view additional information about that automated investigation.
By default, the automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range.
Use the **Customize columns** menu to select columns that you'd like to show or hide.
From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
### Filters for the list of investigations
>[!NOTE]
>The tab will only appear if there are pending actions for that category.
On the **Investigations** page, you can view details and use filters to focus on specific information. The following table lists available filters:
### Approve or reject an action
You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
|Filter |Description |
|---------|---------|
|**Status** |(See [Automated investigation status](#automated-investigation-status)) |
|**Triggering alert** | The alert that initiated the automated investigation |
|**Detection source** |The source of the alert that initiated the automated investigation. |
|**Entities** | These can include device or machines, and machine groups. You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine, or to see specific machine groups that you might have created. |
|**Threat** |The category of threat detected during the automated investigation. |
|**Tags** |Filter using manually added tags that capture the context of an automated investigation.|
|**Comments** |Select between filtering the list between automated investigations that have comments and those that don't.|
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
## Automated investigation status
From the panel, you can click on the Open investigation page link to see the investigation details.
An automated investigation can be have one of the following status values:
You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
|Status |Description |
|---------|---------|
| No threats found | No malicious entities found during the investigation. |
| Failed | A problem has interrupted the investigation, preventing it from completing. |
| Partially remediated | A problem prevented the remediation of some malicious entities. |
| Pending action | Remediation actions require review and approval. |
| Waiting for machine | Investigation paused. The investigation will resume as soon as the machine is available. |
| Queued | Investigation has been queued and will resume as soon as other remediation activities are completed. |
| Running | Investigation ongoing. Malicious entities found will be remediated. |
| Remediated | Malicious entities found were successfully remediated. |
| Terminated by system | Investigation was stopped by the system. |
| Terminated by user | A user stopped the investigation before it could complete. |
| Partially investigated | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
## Related topics
- [Automated investigation and investigation](automated-investigations.md)
- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
## View details about an automated investigation
![Image of investigation details window](images/atp-analyze-auto-ir.png)
You can view the details of an automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
In this view, you'll see the name of the investigation, when it started and ended.
### Investigation graph
The investigation graph provides a graphical representation of an automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
A progress ring shows two status indicators:
- Orange ring - shows the pending portion of the investigation
- Green ring - shows the running time portion of the investigation
![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png)
In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds.
The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval.
From this view, you can also view and add comments and tags about the investigation.
### Alerts
The **Alerts** tab for an automated investigation shows details such as a short description of the alert that initiated the automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to.
Additional alerts seen on a machine can be added to an automated investigation as long as the investigation is ongoing.
Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, automated investigation details, related machine, logged-on users, and comments and history.
Clicking on an alert title brings you the alert page.
### Machines
The **Machines** tab Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
Clicking on an machine name brings you the machine page.
### Evidence
The **Evidence** tab shows details related to threats associated with this investigation.
### Entities
The **Entities** tab shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
### Log
The **Log** tab gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
Available filters include action type, action, status, machine name, and description.
You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data.
### Pending actions
If there are pending actions on an automated investigation, you'll see a pop up similar to the following image.
![Image of pending actions](images/pending-actions.png)
When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **automated investigation** > **Action center**.
## Next steps
[View and approve remediation actions](manage-auto-investigation.md)

6
windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
View File

@ -85,3 +85,9 @@ When a pending action is approved, the entity is then remediated and this new st
## Next step
- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
## Related articles
- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
- [Automated investigation and response in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir)

31
windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
View File

@ -1,6 +1,6 @@
---
title: Overview of Configuration score in Microsoft Defender Security Center
description: Expand your visibility into the overall security configuration posture of your organization
description: Your configuration score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -8,45 +8,50 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.author: ellevin
author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/11/2019
---
# Configuration score
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as Configuration score. The secure score page will be available for a few weeks.
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
The Microsoft Defender Advanced Threat Protection Configuration score gives you visibility and control over the security posture of your organization based on security best practices. High configuration score means your endpoints are more resilient from cybersecurity threat attacks.
Your Configuration score is visible in the Threat & Vulnerability Management dashboard of the Microsoft Defender Security Center. It reflects the collective security configuration state of your machines across the following categories:
Your configuration score widget shows the collective security configuration state of your machines across the following categories:
- Application
- Operating system
- Network
- Accounts
- Security controls
## How it works
>[!NOTE]
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks.
## How it works
>[!NOTE]
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
The data in the configuration score widget is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction) by remediating the misconfiguration
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
- Collect and monitor changes of security control configuration state from all assets
From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
## Improve your configuration score
The goal is to remediate the issues in the security recommendations list to improve your configuration score. You can filter the view based on:
- **Related component** — **Accounts**, **Application**, **Network**, **OS**, or **Security controls**
- **Remediation type** — **Configuration change** or **Software update**
@ -64,6 +69,7 @@ See how you can [improve your security configuration](https://docs.microsoft.com
>2. Key-in the security update KB number that you need to download, then click **Search**.
## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
@ -78,4 +84,3 @@ See how you can [improve your security configuration](https://docs.microsoft.com
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)

1
windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
View File

@ -100,5 +100,4 @@ This section lists various issues that you may encounter when using email notifi
## Related topics
- [Update data retention settings](data-retention-settings.md)
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
- [Enable Secure Score security controls](enable-secure-score.md)
- [Configure advanced features](advanced-features.md)

1
windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
View File

@ -44,5 +44,4 @@ During the onboarding process, a wizard takes you through the general settings o
- [Update data retention settings](data-retention-settings.md)
- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
- [Enable Secure Score security controls](enable-secure-score.md)
- [Configure advanced features](advanced-features.md)

2
windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md
View File

@ -38,7 +38,7 @@ Set the baselines for calculating the score of security controls on the Secure S
3. Click **Save preferences**.
## Related topics
- [View the Secure Score dashboard](secure-score-dashboard.md)
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Update data retention settings for Microsoft Defender ATP](data-retention-settings.md)
- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)

BIN
windows/security/threat-protection/microsoft-defender-atp/images/machine-info-datatype-example.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 58 KiB

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/mdatp-investigations.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/storage-account-event-schema.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 82 KiB

2
windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
View File

@ -78,7 +78,7 @@ Filter by machines that are well configured or require attention based on the se
- **Well configured** - Machines have the security controls well configured.
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
For more information, see [View the Secure Score dashboard](secure-score-dashboard.md).
For more information, see [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md).
### Threat mitigation status

192
windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
View File

@ -1,6 +1,6 @@
---
title: Learn about the automated investigations dashboard in Microsoft Defender Security Center
description: View the automated investigations list. View the status, detection source and other details for automated investigations.
title: Review and approve actions following automated investigations in the Microsoft Defender Security Center
description: Review and approve (or reject) remediation actions following an automated investigation.
keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, machines, duration, filter export
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -8,8 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.author: deniseb
author: denisebmsft
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@ -17,154 +17,52 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Learn about the automated investigations dashboard
By default, the automated investigations list displays investigations initiated in the last week. You can also choose to select other time ranges from the drop-down menu or specify a custom range.
# Review and approve actions following an automated investigation
>[!NOTE]
>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation.
## Remediation actions
Use the **Customize columns** drop-down menu to select columns that you'd like to show or hide.
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organizations security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.
From this view, you can also download the entire list in CSV format using the **Export** button, specify the number of items to show per page, and navigate between pages. You also have the flexibility to filter the list based on your preferred criteria.
When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically:
- Quarantine file
- Remove registry key
- Kill process
- Stop service
- Remove registry key
- Disable driver
- Remove scheduled task
![Image of Auto investigations page](images/atp-auto-investigations-list.png)
Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible. This helps your automated investigations complete in a timely manner.
No actions are taken when evidence is determined to be *Clean*.
In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
## Review pending actions
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
3. Review any items on the **Pending** tab.
Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details.
You can also select multiple investigations to approve or reject actions on multiple investigations.
## Review completed actions
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
3. Select the **History** tab. (If need be, expand the time period to display more data.)
4. Select an item to view more details about that remediation action.
**Filters**</br>
You can use the following operations to customize the list of automated investigations displayed:
## Related articles
- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
**Triggering alert**</br>
The alert that initiated the automated investigation.
**Status**</br>
An automated investigation can be in one of the following status:
Status | Description
:---|:---
| No threats found | No malicious entities found during the investigation.
| Failed | A problem has interrupted the investigation, preventing it from completing. |
| Partially remediated | A problem prevented the remediation of some malicious entities. |
| Pending action | Remediation actions require review and approval. |
| Waiting for machine | Investigation paused. The investigation will resume as soon as the machine is available. |
| Queued | Investigation has been queued and will resume as soon as other remediation activities are completed. |
| Running | Investigation ongoing. Malicious entities found will be remediated. |
| Remediated | Malicious entities found were successfully remediated. |
| Terminated by system | Investigation was stopped by the system. |
| Terminated by user | A user stopped the investigation before it could complete.
| Partially investigated | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
**Detection source**</br>
Source of the alert that initiated the automated investigation.
**Threat**</br>
The category of threat detected during the automated investigation.
**Tags**</br>
Filter using manually added tags that capture the context of an automated investigation.
**Machines**</br>
You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine.
**Machine groups**</br>
Apply this filter to see specific machine groups that you might have created.
**Comments**</br>
Select between filtering the list between automated investigations that have comments and those that don't.
## Analyze automated investigations
You can view the details of an automated investigation to see information such as the investigation graph, alerts associated with the investigation, the machine that was investigated, and other information.
In this view, you'll see the name of the investigation, when it started and ended.
![Image of investigation details window](images/atp-analyze-auto-ir.png)
The progress ring shows two status indicators:
- Orange ring - shows the pending portion of the investigation
- Green ring - shows the running time portion of the investigation
![Image of start, end, and pending time for an automated investigation](images/atp-auto-investigation-pending.png)
In the example image, the automated investigation started on 10:26:59 AM and ended on 10:56:26 AM. Therefore, the entire investigation was running for 29 minutes and 27 seconds.
The pending time of 16 minutes and 51 seconds reflects two possible pending states: pending for asset (for example, the device might have disconnected from the network) or pending for approval.
From this view, you can also view and add comments and tags about the investigation.
### Investigation page
The investigation page gives you a quick summary on the status, alert severity, category, and detection source.
You'll also have access to the following sections that help you see details of the investigation with finer granularity:
- Investigation graph
- Alerts
- Machines
- Evidence
- Entities
- Log
- Pending actions
>[!NOTE]
>The Pending actions tab is only displayed if there are actual pending actions.
- Pending actions history
>[!NOTE]
>The Pending actions history tab is only displayed when an investigation is complete.
In any of the sections, you can customize columns to further expand to limit the details you see in a section.
### Investigation graph
The investigation graph provides a graphical representation of an automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
### Alerts
Shows details such as a short description of the alert that initiated the automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to.
Additional alerts seen on a machine can be added to an automated investigation as long as the investigation is ongoing.
Selecting an alert using the check box brings up the alerts details pane where you have the option of opening the alert page, manage the alert by changing its status, see alert details, automated investigation details, related machine, logged-on users, and comments and history.
Clicking on an alert title brings you the alert page.
### Machines
Shows details the machine name, IP address, group, users, operating system, remediation level, investigation count, and when it was last investigated.
Machines that show the same threat can be added to an ongoing investigation and will be displayed in this tab. If 10 or more machines are found during this expansion process from the same entity, then that expansion action will require an approval and will be seen in the **Pending actions** view.
Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
Clicking on an machine name brings you the machine page.
### Evidence
Shows details related to threats associated with this investigation.
### Entities
Shows details about entities such as files, process, services, drives, and IP addresses. The table details such as the number of entities that were analyzed. You'll gain insight into details such as how many are remediated, suspicious, or determined to be clean.
### Log
Gives a chronological detailed view of all the investigation actions taken on the alert. You'll see the action type, action, status, machine name, description of the action, comments entered by analysts who may have worked on the investigation, execution start time, duration, pending duration.
As with other sections, you can customize columns, select the number of items to show per page, and filter the log.
Available filters include action type, action, status, machine name, and description.
You can also click on an action to bring up the details pane where you'll see information such as the summary of the action and input data.
### Pending actions history
This tab is only displayed when an investigation is complete and shows all pending actions taken during the investigation.
## Pending actions
If there are pending actions on an automated investigation, you'll see a pop up similar to the following image.
![Image of pending actions](images/pending-actions.png)
When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).
## Related topic
- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
- [Automated investigation and response in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir)

3
windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
View File

@ -125,7 +125,8 @@ It's important to understand the following prerequisites prior to creating indic
> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS): <br>
> NOTE:
>- IP is supported for all three protocols
>- Encrypted URLs can only be blocked on first party browsers
>- Encrypted URLs (full path) can only be blocked on first party browsers
>- Encrypted URLS (FQDN only) can be blocked outside of first party browsers
>- Full URL path blocks can be applied on the domain level and all unencrypted URLs
>[!NOTE]

6
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
View File

@ -98,11 +98,11 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
<a name="ss"></a>
**[Secure score](overview-secure-score.md)**<br>
**[Configuration score](configuration-score.md)**<br>
> [!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md).
Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
<a name="mte"></a>

6
windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
View File

@ -95,9 +95,6 @@
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md)
### [Threat analytics](threat-analytics.md)
@ -298,8 +295,6 @@
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
@ -481,7 +476,6 @@
##### [Update data retention settings](data-retention-settings.md)
##### [Configure alert notifications](configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
##### [Enable Secure score security controls](enable-secure-score.md)
##### [Configure advanced features](advanced-features.md)
#### [Permissions]()

1
windows/security/threat-protection/microsoft-defender-atp/onboard.md
View File

@ -31,7 +31,6 @@ Topic | Description
:---|:---
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
[Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization.
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.

93
windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md
View File

@ -1,93 +0,0 @@
---
title: Overview of Secure score in Microsoft Defender Security Center
description: Expand your visibility into the overall security posture of your organization
keywords: secure score, security controls, improvement opportunities, security score over time, score, posture, baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Overview of Secure score in Microsoft Defender Security Center
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks.
The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
>[!IMPORTANT]
> This feature is available for machines on Windows 10, version 1703 or later.
The **Secure score dashboard** displays a snapshot of:
- Microsoft secure score
- Secure score over time
- Top recommendations
- Improvement opportunities
![Secure score dashboard](images/new-secure-score-dashboard.png)
## Microsoft secure score
The Microsoft secure score tile is reflective of the sum of all the security controls that are configured according to the recommended Windows baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
![Image of Microsoft secure score tile](images/mss.png)
Each Microsoft security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported Microsoft security controls (security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar).
The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
In the example image, the total points for the security controls and Office 365 add up to 602 points.
You can set the baselines for calculating the security control scores on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score.md).
## Secure score over time
You can track the progression of your organizational security posture over time using this tile. It displays the overall score in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
![Image of the security score over time tile](images/new-ssot.png)
You can mouse over specific date points to see the total score for that security control is on a specific date.
## Top recommendations
Reflects specific actions you can take to significantly increase the security stance of your organization and how many points will be added to the secure score if you take the recommended action.
![Top recommendations tile](images/top-recommendations.png)
## Improvement opportunities
Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
Clicking on the affected machines link at the top of the table takes you to the Machines list. The list is filtered to reflect the list of machines where improvements can be made.
![Improvement opportunities](images/io.png)
Within the tile, you can click on each control to see the recommended optimizations.
Clicking the link under the **Misconfigured machines** column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
## Related topic
- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
- [Threat analytics](threat-analytics.md)

2
windows/security/threat-protection/microsoft-defender-atp/overview.md
View File

@ -38,7 +38,7 @@ Topic | Description
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Configuration score](configuration-score.md) | Your configuration score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand. <p><p>**NOTE:** <p>Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.<p>If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.
[Advanced hunting](advanced-hunting-overview.md) | Use a powerful query-based threat-hunting tool to proactively find breach activity and create custom detection rules.
[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.

2
windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
View File

@ -122,5 +122,5 @@ Icon | Description
## Related topics
- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
- [View the Security operations dashboard](security-operations-dashboard.md)
- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)

15
windows/security/threat-protection/microsoft-defender-atp/product-brief.md
View File

@ -36,33 +36,33 @@ Capability | Description
**Threat and Vulnerability Management** | This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
**Attack Surface Reduction** | The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
**Next Generation Protection** | To further reinforce the security perimeter of the organizations network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
**Microsoft Threat Experts** | Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
**Secure Score** | Microsoft Defender ATP includes a secure score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization.
**Configuration Score** | Microsoft Defender ATP includes configuration score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization.
**Advance Hunting** | Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in the organization.
**Management and API** | Integrate Microsoft Defender Advanced Threat Protection into existing workflows.
**Microsoft Threat Protection** | Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to the organization. | |
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
- **Cloud security analytics**: Leveraging big-data, machine-learning, and
- **Cloud security analytics**: Leveraging big-data, machine-learning, and
unique Microsoft optics across the Windows ecosystem,
enterprise cloud products (such as Office 365), and online assets, behavioral signals
are translated into insights, detections, and recommended responses
to advanced threats.
- **Threat intelligence**: Generated by Microsoft hunters, security teams,
- **Threat intelligence**: Generated by Microsoft hunters, security teams,
and augmented by threat intelligence provided by partners, threat
intelligence enables Microsoft Defender ATP to identify attacker
tools, techniques, and procedures, and generate alerts when these
are observed in collected sensor data.
## Licensing requirements
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
- Windows 10 Enterprise E5
@ -71,4 +71,5 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
- Microsoft 365 A5 (M365 A5)
## Related topic
- [Prepare deployment](prepare-deployment.md)

3
windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
View File

@ -63,6 +63,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each event hub message in Azure Event Hubs contains list of records.
- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
- In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the machine. Here every event will be decorated with this column as well. See [Machine Groups](machine-groups.md) for more information.
## Data types mapping:
@ -78,7 +79,7 @@ To get the data types for event properties do the following:
```
- Here is an example for Machine Info event:
- Here is an example for Device Info event:
![Image of event hub resource Id](images/machine-info-datatype-example.png)

1
windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
View File

@ -64,6 +64,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each blob contains multiple rows.
- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
- In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the machine. Here every event will be decorated with this column as well. See [Machine Groups](machine-groups.md) for more information.
## Data types mapping:

2
windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
View File

@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Raw Data Streaming API (Preview)
# Raw Data Streaming API
**Applies to:**

315
windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
View File

@ -1,315 +0,0 @@
---
title: Configure the security controls in Secure score
description: Configure the security controls in Secure score
keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, microsoft secure score, security controls, security control, improvement opportunities, edr, antivirus, av, os security updates
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Configure the security controls in Secure score
**Applies to:**
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> [!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
Each security control lists recommendations that you can take to increase the security posture of your organization.
### Endpoint detection and response (EDR) optimization
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for your Endpoint detection and response tool.
> [!IMPORTANT]
> This feature is available for machines on Windows 10, version 1607 or later.
#### Minimum baseline configuration setting for EDR
* Microsoft Defender ATP sensor is on
* Data collection is working correctly
* Communication to Microsoft Defender ATP service is not impaired
##### Recommended actions
You can take the following actions to increase the overall security score of your organization:
* Turn on sensor
* Fix sensor data collection
* Fix impaired communications
For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
### Windows Defender Antivirus (Windows Defender AV) optimization
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender AV.
> [!IMPORTANT]
> This feature is available for machines on Windows 10, version 1607 or later.
#### Minimum baseline configuration setting for Windows Defender AV:
A well-configured machine for Windows Defender AV meets the following requirements:
- Windows Defender AV is reporting correctly
- Windows Defender AV is turned on
- Security intelligence is up-to-date
- Real-time protection is on
- Potentially Unwanted Application (PUA) protection is enabled
You can take the following actions to increase the overall security score of your organization:
>[!NOTE]
> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the machine.
- Fix antivirus reporting
- This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
- Turn on antivirus
- Update antivirus Security intelligence
- Turn on real-time protection
- Turn on PUA protection
For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
### OS security updates optimization
This tile shows you the number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
> [!IMPORTANT]
> This feature is available for machines on Windows 10, version 1607 or later.
You can take the following actions to increase the overall security score of your organization:
* Install the latest security updates
* Fix sensor data collection
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/help/4027322/windows-windows-update-troubleshooter).
### Windows Defender Exploit Guard (Windows Defender EG) optimization
<!-- Should we delete this section? When is the GUI getting updated? -->
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on machines to meet the minimum baseline configuration setting for Microsoft Defender EG. When endpoints are configured according to the baseline the Microsoft Defender EG events shows on the Microsoft Defender ATP Machine timeline.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1709 or later.
#### Minimum baseline configuration setting for Windows Defender EG
Machines are considered "well configured" for Microsoft Defender EG if the following requirements are met:
* System level protection settings are configured correctly
* Attack Surface Reduction rules are configured correctly
* Controlled Folder Access setting is configured correctly
##### System level protection
The following system level configuration settings must be set to **On or Force On**:
1. Control Flow Guard
2. Data Execution Prevention (DEP)
3. Randomize memory allocations (Bottom-up ASLR)
4. Validate exception chains (SEHOP)
5. Validate heap integrity
> [!NOTE]
> The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
> Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
##### Attack Surface Reduction (ASR) rules
The following ASR rules must be configured to **Block mode**:
Rule description | GUIDs
-|-
Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
> [!NOTE]
> The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
> Consider enabling this rule in **Audit** or **Block mode** for better protection.
##### Controlled Folder Access
The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
> [!NOTE]
> Audit mode, allows you to see audit events in the Microsoft Defender ATP Machine timeline however it does not block suspicious applications.
> Consider enabling Controlled Folder Access for better protection.
##### Recommended actions
You can take the following actions to increase the overall security score of your organization:
- Turn on all system-level Exploit Protection settings
- Set all ASR rules to enabled or audit mode
- Turn on Controlled Folder Access
- Turn on Windows Defender Antivirus on compatible machines
### Windows Defender Application Guard (Windows Defender AG) optimization
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender AG. When endpoints are configured according to the baseline, Windows Defender AG events shows on the Microsoft Defender ATP Machine timeline.
A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender AG. When endpoints are configured according to the baseline, Microsoft Defender AG events shows on the Microsoft Defender ATP Machine timeline.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1709 or later.
#### Minimum baseline configuration setting for Windows Defender AG:
A well-configured machine for Windows Defender AG meets the following requirements:
- Hardware and software prerequisites are met
- Windows Defender AG is turned on compatible machines
- Managed mode is turned on
You can take the following actions to increase the overall security score of your organization:
* Ensure hardware and software prerequisites are met
> [!NOTE]
> This improvement item does not contribute to the security score in itself because it's not a prerequisite for Microsoft Defender AG. It gives an indication of a potential reason why Microsoft Defender AG is not turned on.
* Turn on Microsoft Defender AG on compatible machines
* Turn on managed mode
For more information, see [Microsoft Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
### Windows Defender SmartScreen optimization
A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender SmartScreen.
> [!WARNING]
> Data collected by Microsoft Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Microsoft Defender ATP data.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1709 or later.
#### Minimum baseline configuration setting for Windows Defender SmartScreen:
The following settings must be configured with the following settings:
* Check apps and files: **Warn** or **Block**
* Microsoft Defender SmartScreen for Microsoft Edge: **Warn** or **Block**
* Microsoft Defender SmartScreen for Microsoft store apps: **Warn** or **Off**
You can take the following actions to increase the overall security score of your organization:
- Set **Check app and files** to **Warn** or **Block**
- Set **Windows Defender SmartScreen for Microsoft Edge** to **Warn** or **Block**
- Set **Windows Defender SmartScreen for Microsoft store apps** to **Warn** or **Off**
For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
* Set **Check app and files** to **Warn** or **Block**
* Set **Windows Defender SmartScreen for Microsoft Edge** to **Warn** or **Block**
* Set **Windows Defender SmartScreen for Microsoft store apps** to **Warn** or **Off**
For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
### Windows Defender Firewall optimization
A well-configured machine must have Microsoft Defender Firewall turned on and enabled for all profiles so that inbound connections are blocked by default. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender Firewall.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1709 or later.
#### Minimum baseline configuration setting for Windows Defender Firewall
* Microsoft Defender Firewall is turned on for all network connections
* Secure domain profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
* Secure private profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
* Secure public profile is configured by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
For more information on Windows Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
> [!NOTE]
> If Windows Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
##### Recommended actions
You can take the following actions to increase the overall security score of your organization:
* Turn on firewall
* Secure domain profile
* Secure private profile
* Secure public profile
* Verify secure configuration of third-party firewall
* Fix sensor data collection
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
### BitLocker optimization
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for BitLocker.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1803 or later.
#### Minimum baseline configuration setting for BitLocker
* Ensure all supported drives are encrypted
* Ensure that all suspended protection on drives resume protection
* Ensure that drives are compatible
##### Recommended actions
You can take the following actions to increase the overall security score of your organization:
* Encrypt all supported drives
* Resume protection on all drives
* Ensure drive compatibility
* Fix sensor data collection
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
### Windows Defender Credential Guard optimization
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender Credential Guard.
> [!IMPORTANT]
> This security control is only applicable for machines with Windows 10, version 1709 or later.
#### Minimum baseline configuration setting for Windows Defender Credential Guard:
Well-configured machines for Windows Defender Credential Guard meets the following requirements:
- Hardware and software prerequisites are met
- Windows Defender Credential Guard is turned on compatible machines
##### Recommended actions
You can take the following actions to increase the overall security score of your organization:
* Ensure hardware and software prerequisites are met
* Turn on Credential Guard
* Fix sensor data collection
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink)
## Related topics
* [Overview of Secure score](overview-secure-score.md)
* [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
* [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
* [Exposure score](tvm-exposure-score.md)
* [Configuration score](configuration-score.md)
* [Security recommendations](tvm-security-recommendation.md)
* [Remediation](tvm-remediation.md)
* [Software inventory](tvm-software-inventory.md)
* [Weaknesses](tvm-weaknesses.md)
* [Scenarios](threat-and-vuln-mgt-scenarios.md)

2
windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
View File

@ -121,5 +121,5 @@ Click the user account to see details about the user account. For more informati
## Related topics
- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
- [Portal overview](portal-overview.md)
- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)

3
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -85,8 +85,9 @@ To lower down your threat and vulnerability exposure:
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
## Improve your security configuration
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). The secure score page is available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md).
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.

8
windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
View File

@ -66,10 +66,10 @@ When you submit a remediation request from Threat & Vulnerability Management, it
It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation** page, and it also creates a remediation ticket in Microsoft Intune.
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
## When to file for exception instead of remediating issues
You can file exceptions to exclude certain recommendation from showing up in reports and affecting risk scores or secure scores.
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your configuration score.
When you select a security recommendation, it opens up a flyout screen with details and options for your next step. You can either **Open software page**, choose from **Remediation options**, go through **Exception options** to file for exceptions, or **Report inaccuracy**.
@ -113,10 +113,10 @@ Clicking the link opens up to the **Security recommendations** page, where you c
- **In effect** - The exception that you've filed is in progress
### Exception impact on scores
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Secure Score (for configurations) of your organization in the following manner:
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Configuration Score (for configurations) of your organization in the following manner:
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Secure Score results out of the exception option that you made
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
The exception impact shows on both the Security recommendations page column and in the flyout pane.

4
windows/security/threat-protection/microsoft-defender-atp/use.md
View File

@ -29,7 +29,7 @@ Microsoft Defender Security Center is the portal where you can access Microsoft
Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
Use the **Threat & Vulnerability Management** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
@ -39,5 +39,5 @@ Topic | Description
:---|:---
[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
[View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify machines for the presence or absence of mitigations.

4
windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
View File

@ -73,7 +73,7 @@ Cyren's web content classification technology is integrated by design into Micro
Learn more at https://www.cyren.com/products/url-filtering.
### Cyren permissions
### Cyren Permissions
"Sign in and read user profile" allows Cyren to read your tenant info from your Microsoft Defender ATP account, such as your tenant ID, which will be tied to your Cyren license.
@ -168,4 +168,4 @@ You need to be logged in to an AAD account with either App administrator or Glob
- [Web protection overview](web-protection-overview.md)
- [Web threat protection](web-threat-protection.md)
- [Monitor web security](web-protection-monitoring.md)
- [Respond to web threats](web-protection-response.md)
- [Respond to web threats](web-protection-response.md)

8
windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
View File

@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
ms.date: 09/03/2018
ms.date: 02/24/2020
ms.reviewer:
manager: dansimp
---
@ -30,13 +30,13 @@ For a list of the cmdlets and their functions and available parameters, see the
PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software.
> [!NOTE]
> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), or [Windows Defender Antivirus Group Policy ADMX templates](https://support.microsoft.com/kb/927367).
> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), or [Windows Defender Antivirus Group Policy ADMX templates](https://www.microsoft.com/download/100591).
Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell.
You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md).
PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_.
PowerShell is typically installed under the folder `%SystemRoot%\system32\WindowsPowerShell`.
## Use Windows Defender Antivirus PowerShell cmdlets
@ -45,7 +45,7 @@ PowerShell is typically installed under the folder _%SystemRoot%\system32\Window
3. Enter the PowerShell command and any parameters.
> [!NOTE]
> You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
> You may need to open PowerShell in administrator mode. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
To open online help for any of the cmdlets type the following:

2
windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md
View File

@ -34,7 +34,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender
| |Advantage |Why it matters |
|--|--|--|
|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
|2|Threat analytics and your secure score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [secure score](../microsoft-defender-atp/overview-secure-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|2|Threat analytics and your configuration score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-windows-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
|4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
|5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|

6
windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
View File

@ -43,8 +43,8 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo
- All clients are running Windows 10 version 1903 or above;
- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune;
> [!NOTE]
> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM)
> [!NOTE]
> Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM).
- Some, but not all, apps are deployed using MEMCM;
- Most users are local administrators on their devices;
@ -117,7 +117,7 @@ Alice follows these steps to complete this task:
$PathRules += New-CIPolicyRule -FilePathRule "%windir%\*"
$PathRules += New-CIPolicyRule -FilePathRule "%OSDrive%\Program Files\*"
$PathRules += New-CIPolicyRule -FilePathRule "%OSDrive%\Program Files (x86)\*"
Merge-CIPolicy -OutputFilePath = $LamnaPolicy -PolicyPaths $LamnaPolicy -Rules $PathRules
Merge-CIPolicy -OutputFilePath $LamnaPolicy -PolicyPaths $LamnaPolicy -Rules $PathRules
```
7. If appropriate, add additional signer or file rules to further customize the policy for your organization.

8
windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
View File

@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 04/20/2018
ms.date: 02/24/2020
---
# Understand WDAC policy rules and file rules
@ -28,7 +28,7 @@ Windows Defender Application Control (WDAC) provides control over a computer run
## Windows Defender Application Control policy rules
To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy:
To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy:
- To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command:
@ -120,9 +120,9 @@ There is a defined list of SIDs which WDAC recognizes as admins. If a filepath a
WDAC's list of well-known admin SIDs are: <br>
S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523.
When generating filepath rules using [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy), a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](https://docs.microsoft.com/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards and include them in your [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) scan using the -Rules switch.
When generating filepath rules using [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy), a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](https://docs.microsoft.com/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards using the [-FilePathRules](https://docs.microsoft.com/powershell/module/configci/new-cipolicyrule#parameters) switch.
Wildcards can be used at the beginning or end of a path rule: only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. C:\\* would include C:\foo\\* ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. \*\bar.exe would allow C:\bar.exe and C:\foo\bar.exe). Wildcards in the middle of a path are not supported (ex. C:\\*\foo.exe). Without a wildcard, the rule will allow only a specific file (ex. C:\foo\bar.exe). <br> Supported macros: %WINDIR%, %SYSTEM32%, %OSDRIVE%.
Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. `C:\\*` would include `C:\foo\\*` ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. `*\bar.exe` would allow `C:\bar.exe` and `C:\foo\bar.exe`). Wildcards in the middle of a path are not supported (ex. `C:\\*\foo.exe`). Without a wildcard, the rule will allow only a specific file (ex. `C:\foo\bar.exe`). <br/> The use of macros is also supported and useful in scenarios where the system drive is different from the `C:\` drive. Supported macros: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`.
> [!NOTE]
> Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md)

34
windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
View File

@ -14,7 +14,6 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 06/14/2018
---
# Authorize reputable apps with the Intelligent Security Graph (ISG)
@ -24,34 +23,33 @@ ms.date: 06/14/2018
- Windows 10
- Windows Server 2016 and above
Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system.
In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task.
Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system. In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task.
Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as Intelligent Security Graph (ISG) authorization, that allows IT administrators to automatically authorize applications that Microsofts ISG recognizes as having known good reputation. The ISG option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software.
Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as the Microsoft Intelligent Security Graph authorization, that allows IT administrators to automatically authorize applications that the Microsoft Intelligent Security Graph recognizes as having known good reputation. The the Microsoft Intelligent Security Graph option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software. To learn more about the Microsoft Intelligent Security Graph, see the Security section in [Major services and features in Microsoft Graph](https://docs.microsoft.com/graph/overview-major-services).
## How does the integration between WDAC and the Intelligent Security Graph work?
The ISG relies on Microsofts vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the ISG authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed, the reputation data is used to help make the right policy authorization decision.
The the Microsoft Intelligent Security Graph relies on Microsofts vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the the Microsoft Intelligent Security Graph authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed, the reputation data is used to help make the right policy authorization decision.
After that initial download and installation, the WDAC component will check for the presence of the positive reputation information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the known good reputation classification.
The reputation data on the client is rechecked periodically and enterprises can also specify that any cached reputation results are flushed on reboot.
>[!NOTE]
>Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager and Microsoft Intune can be used to create and push a WDAC policy to your client machines.
>Admins should make sure there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, such as custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both Microsoft Endpoint Configuration Manager and Microsoft Intune can be used to create and push a WDAC policy to your client machines.
Other examples of WDAC policies are available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy).
Other examples of WDAC policies are available in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy).
## Configuring Intelligent Security Graph authorization for Windows Defender Application Control
Setting up the ISG authorization is easy regardless of what management solution you use. Configuring the ISG option involves these basic steps:
Setting up the Microsoft Intelligent Security Graph authorization is easy regardless of what management solution you use. Configuring the Microsoft Intelligent Security Graph option involves these basic steps:
- [Ensure that the ISG option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml)
- [Enable the necessary services to allow WDAC to use the ISG correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client)
- [Ensure that the Microsoft Intelligent Security Graph option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml)
- [Enable the necessary services to allow WDAC to use the Microsoft Intelligent Security Graph correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client)
### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML
In order to enable trust for executables based on classifications in the ISG, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG. Caution is advised if devices will regularly transition to and from environments that may not be able to access the ISG. The following example shows both options being set.
In order to enable trust for executables based on classifications in the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached Intelligent Security Graph results on reboot to force rechecking of applications against the Microsoft Intelligent Security Graph. Caution is advised if devices will regularly transition to and from environments that may not be able to access the Microsoft Intelligent Security Graph. The following example shows both options being set.
```code
<Rules>
@ -81,7 +79,7 @@ In order to enable trust for executables based on classifications in the ISG, th
### Enable the necessary services to allow WDAC to use the ISG correctly on the client
In order for the heuristics used by the ISG to function properly, a number of component in Windows need to be enabled. The easiest way to do this is to run the appidtel executable in c:\windows\system32.
In order for the heuristics used by the Microsoft Intelligent Security Graph to function properly, a number of component in Windows must be enabled. The easiest way to do this is to run the appidtel executable in `c:\windows\system32`.
```
appidtel start
@ -91,19 +89,19 @@ For WDAC policies deployed over MDM using the AppLocker CSP this step is not req
## Security considerations with the Intelligent Security Graph
Since the ISG is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Windows Defender Advanced Threat Protection to help provide optics into what users are doing.
Since the Microsoft Intelligent Security Graph is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Microsoft Defender Advanced Threat Protection to help provide optics into what users are doing.
Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the ISG option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The ISG option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize.
Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the Microsoft Intelligent Security Graph option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The Microsoft Intelligent Security Graph option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize.
## Known limitations with using the Intelligent Security Graph
Since the ISG relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG.
Since the Microsoft Intelligent Security Graph relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG.
Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business, it is straightforward to authorize modern apps with signer rules in the WDAC policy.
Modern apps are not supported with the Microsoft Intelligent Security Graph heuristics and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business, it is straightforward to authorize modern apps with signer rules in the WDAC policy.
The ISG heuristic does not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
The Microsoft Intelligent Security Graph heuristics do not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases.
>[!NOTE]
> A rule that explicitly allows an application will take precedence over the ISG rule that does not allow it. In this scenario, this policy is not compatible with Intune, where there is no option to add rules to the template that enables ISG. In most circumstances you would need to build a custom WDAC policy, including ISG if desired.
> A rule that explicitly allows an application will take precedence over the Microsoft Intelligent Security Graph rule that does not allow it. In this scenario, this policy is not compatible with Intune, where there is no option to add rules to the template that enables the Microsoft Intelligent Security Graph. In most circumstances you would need to build a custom WDAC policy, including the Microsoft Intelligent Security Graph, if desired.