deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into Issue#3053

Browse Source
This commit is contained in:
Jose Ortega 2019-04-04 19:07:18 -06:00
commit f577b85b03
23 changed files with 315 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
store-for-business/microsoft-store-for-business-overview.md
View File

@ -360,7 +360,7 @@ Customers in these markets can use Microsoft Store for Business and Education to
- Ukraine
### Support to only manage products
Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purhcase apps directly from Microsoft Store for Business and Education.
Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purchase apps directly from Microsoft Store for Business and Education.
- Puerto Rico
This table summarize what customers can purchase, depending on which Microsoft Store they are using.

2
store-for-business/settings-reference-microsoft-store-for-business.md
View File

@ -24,7 +24,7 @@ The Microsoft Store for Business and Education has a group of settings that admi
| Private store | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md). | **Settings - Distribute** |
| Offline licensing | Configure whether or not to make offline-licensed apps available in the Microsoft Store for Business and Education. For more information, see [Distribute offline apps](distribute-offline-apps.md). | **Settings - Shop** |
| Allow users to shop | Configure whether or not people in your organization or school can see and use the shop function in Store for Business or Store for Education. For more information, see [Allow users to shop](acquire-apps-microsoft-store-for-business.md#allow-users-to-shop). | **Settings - Shop** |
| Make everyone a Basic Purchaser | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business#basic-purchaser-role). </br> **Make everyone a Basic Purchaser** is only available in Microsoft Store for Education. | **Settings - Shop** |
| Make everyone a Basic Purchaser | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business#basic-purchaser-role). | **Settings - Shop** |
| App request | Configure whether or not people in your organization can request apps for admins to purchase. For more information, see [Distribute offline apps](acquire-apps-microsoft-store-for-business.md). | **Settings - Shop** |
| Management tools | Management tools that are synced with Azure AD are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md). | **Settings - Distribute** |
| Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md). | **Settings - Devices** |

15
windows/application-management/remove-provisioned-apps-during-update.md
View File

@ -17,17 +17,20 @@ When you update a computer running Windows 10, version 1703 or 1709, you might s
>[!NOTE]
>* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.
>* This only applies to first-party apps that shipped with Windows 10. This doesn't apply to third-party apps, Microsoft Store apps, or LOB apps.
>* This issue can occur whether you removed the app using `Remove-appxprovisionedpackage` or `Get-AppxPackage -allusers | Remove-AppxPackage -Allusers`.
To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you removed the packages in one of the following ways:
To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you [removed the packages](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage) in one of the following ways:
* If you removed the packages while the wim file was mounted when the device was offline.
* If you removed the packages by running a PowerShell cmdlet on the device while Windows was online. Although the apps won't appear for new users, you'll still see the apps for the user account you signed in as.
When you remove a provisioned app, we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.)
When you [remove a provisioned app](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage), we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.)
>[!NOTE]
>If you remove a provisioned app while Windows is online, it's only removed for *new users*—the user that you signed in as will still have that provisioned app. That's because the registry key created when you deprovision the app only applies to new users created *after* the key is created. This doesn't happen if you remove the provisioned app while Windows is offline.
To prevent these apps from reappearing at the next update, manually create a registry key for each app, then update the computer.
## Create registry keys for deprovisioned apps
@ -38,7 +41,7 @@ Use the following steps to create a registry key:
2. Create a .reg file to generate a registry key for each app. Use [this list of Windows 10, version 1709 registry keys](#registry-keys-for-provisioned-apps) as your starting point.
1. Paste the list of registry keys into Notepad (or a text editor).
2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key:
```
```yaml
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
```
3. Save the file with a .txt extension, then right-click the file and change the extension to .reg.
@ -158,3 +161,9 @@ Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]
```
[Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage)

1
windows/client-management/mdm/assignedaccess-csp.md
View File

@ -895,6 +895,7 @@ Status Get
<xs:enumeration value="RestartShell" />
<xs:enumeration value="RestartDevice" />
<xs:enumeration value="ShutdownDevice" />
<xs:enumeration value="DoNothing" />
</xs:restriction>
</xs:simpleType>

14
windows/client-management/mdm/policy-csp-start.md
View File

@ -666,6 +666,13 @@ The following list shows the supported values:
Enabling this policy prevents context menus from being invoked in the Start Menu.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) False (Do not disable).
- 1 - True (disable).
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Disable context menus in the Start Menu*
@ -1091,6 +1098,13 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon
Value type is integer.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) False (do not hide).
- 1 - True (hide).
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Remove the People Bar from the taskbar*

4
windows/client-management/mdm/policy-csp-storage.md
View File

@ -288,7 +288,7 @@ When Storage Sense runs, it can dehydrate cloud-backed content that hasnt bee
If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
If you enable this policy setting, you must provide the number of days since a cloud-backed file has been opened before Storage Sense will dehydrate it. Supported values are: 0365.
If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0365.
If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.
@ -357,7 +357,7 @@ When Storage Sense runs, it can delete files in the users Downloads folder if
If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.
If you enable this policy setting, you must provide the number of days since a file in the Downloads folder has been opened before Storage Sense will delete it. Supported values are: 0365.
If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365.
If you set this value to zero, Storage Sense will not delete files in the users Downloads folder. The default is 0, or never deleting files in the Downloads folder.

6
windows/client-management/mdm/vpnv2-csp.md
View File

@ -151,7 +151,7 @@ If set to True, this DomainName rule will trigger the VPN
By default, this value is false.
Value type is bool. Persistent
Value type is bool.
<a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-persistent"></a>**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/Persistent**
Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values:
@ -624,10 +624,10 @@ Profile example
</Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
</NativeProfile>
<DomainNameInformation>
<DomainNameInformationList>
<DomainName>.contoso.com</DomainName>
<DNSServers>10.5.5.5</DNSServers>
</DomainNameInformation>
</DomainNameInformationList>
<TrafficFilter>
<App>%ProgramFiles%\Internet Explorer\iexplore.exe</App>
</TrafficFilter>

6
windows/deployment/deploy-m365.md
View File

@ -34,10 +34,10 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
You can check out the Microsoft 365 deployment advisor and other resources for free! Just follow the steps below.
1. Obtain a free EMS 90-day trial by visiting the following link. Provide your email address and answer a few simple questions.
[Free Trial - Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-trial)
>[!NOTE]
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
1. [Obtain a free M365 trial](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365).
2. Check out the [Microsoft 365 deployment advisor](https://portal.office.com/onboarding/Microsoft365DeploymentAdvisor#/).
3. Also check out the [Windows Analytics deployment advisor](https://portal.office.com/onboarding/WindowsAnalyticsDeploymentAdvisor#/). This advisor will walk you through deploying [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), [Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), and [Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor).

2
windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
View File

@ -488,7 +488,7 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
 
## <a href="" id="sec08"></a>Step 8: Deploy the Windows 10 client image
These steps will walk you throug the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.
These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.
### Configure Windows Deployment Services

0
windows/deployment/images/m365da.PNG → windows/deployment/images/m365da.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 242 KiB

BIN
windows/deployment/images/wada.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 223 KiB

1
windows/deployment/update/windows-as-a-service.md
View File

@ -25,6 +25,7 @@ Everyone wins when transparency is a top priority. We want you to know when upda
The latest news:
<ul compact style="list-style: none">
<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
<li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>

2
windows/deployment/upgrade/log-files.md
View File

@ -55,7 +55,7 @@ Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
## Log entry structure
A setupact.log or setuperr.log entry includes the following elements:
A setupact.log or setuperr.log (files are located at C:\Windows) entry includes the following elements:
<ol>
<LI><B>The date and time</B> - 2016-09-08 09:20:05.

4
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -20,7 +20,7 @@ ms.topic: article
Modern desktop management with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.
This topic describes how to convert Windows 7 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot.
This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot.
## Prerequisites
@ -278,7 +278,7 @@ Next, ensure that all content required for the task sequence is deployed to dist
### Complete the client installation process
1. Open the Software Center on the target Windows 7 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
```
C:\Windows\CCM\SCClient.exe

1
windows/security/threat-protection/intelligence/phishing.md
View File

@ -84,6 +84,7 @@ Enterprises should educate and train their employees to be wary of any communica
Here are several telltale signs of a phishing scam:
* The links or URLs provided in emails are **not pointing to the correct location** or are attempting to have you access a third-party site that is not affiliated with the sender of the email. For example, in the image below the URL provided does not match the URL that you will be taken to.
![example of how exploit kits work](./images/URLhover.png)
* There is a **request for personal information** such as social security numbers or bank or financial information. Official communications won't generally request personal information from you in the form of an email.

4
windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
View File

@ -59,7 +59,7 @@ There are two options to onboard Windows Server 2012 R2 and Windows Server 2016
4. Follow the onboarding instructions in [Windows Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
### Option 2: Onboard servers through Windows Defender Security Center
You'll need to take the following steps if you choose to onboard servers through Windows Defender Security Center.
You'll need to tak the following steps if you choose to onboard servers through Windows Defender Security Center.
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
@ -67,7 +67,7 @@ You'll need to take the following steps if you choose to onboard servers through
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
- Turn on server monitoring from Windows Defender Security Center.
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
>[!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).

2
windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md
View File

@ -80,3 +80,5 @@ For example, to show data about Windows 10 machines with Active sensor health st
3. Select **Apply**.
## Related topic
- [Threat protection report ](threat-protection-reports-windows-defender-advanced-threat-protection.md)

4
windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md
View File

@ -57,7 +57,9 @@ On the top navigation you can:
>[!NOTE]
>Blocking IPs, domains, or URLs is currently available on limited preview only. This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforeced. While the option is not yet generally available, it will only be used when identified during an investigation.
>Blocking IPs, domains, or URLs is currently available on limited preview only.
>This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon.
>As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will use the allowed/block list as the basis of its decision to automatically remediate (blocked list) or skip (allowed list) the entity.
## Manage indicators

12
windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 04/24/2018
---
# Take response actions on a file
@ -109,13 +108,17 @@ You can roll back and remove a file from quarantine if youve determined that
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
>[!IMPORTANT]
>- This feature is available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
>- This feature is available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
>- The Antimalware client version must be 4.18.1901.x or later.
>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
>- This response action is available for machines on Windows 10, version 1703 or later.
>- The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action.
>[!NOTE]
> The PE file needs to be in the machine timeline for you to be able to take this action.
>- There may be a couple of minutes of latency between the time the action is taken and the actual file being blocked.
### Enable the block file feature
Before you can block files, you'll need to enable the feature.
@ -149,6 +152,9 @@ Before you can block files, you'll need to enable the feature.
When the file is blocked, there will be a new event in the machine timeline.</br>
>[!NOTE]
>-If a file was scanned before the action was taken, it may take longer to be effective on the device.
**Notification on machine user**:</br>
When a file is being blocked on the machine, the following notification is displayed to inform the user that the file was blocked:

3
windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md
View File

@ -77,3 +77,6 @@ For example, to show data about high-severity alerts only:
1. Under **Filters > Severity**, select **High**
2. Ensure that all other options under **Severity** are deselected.
3. Select **Apply**.
## Related topic
- [Machine health and compliance report](machine-reports-windows-defender-advanced-threat-protection.md)

7
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -175,7 +175,12 @@ This rule blocks the following file types from launching unless they either meet
>[!NOTE]
>You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.
Intune name: Executables that don't meet a prevalence, age, or trusted list criteria
>[!IMPORTANT]
>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly.
>
>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
Intune name: Executables that don't meet a prevalence, age, or trusted list criteria.
SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria

3
windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
View File

@ -36,6 +36,9 @@ You can exclude files and folders from being evaluated by most attack surface re
You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to.
>[!IMPORTANT]
>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
The following procedures for enabling ASR rules include instructions for how to exclude files and folders.

8
windows/whats-new/whats-new-windows-10-version-1809.md
View File

@ -36,7 +36,7 @@ To learn more about Autopilot self-deploying mode and to see step-by-step instru
### SetupDiag
[SetupDiag](/windows/deployment/upgrade/setupdiag.md) version 1.4 is released. SetupDiag is a standalone diagnostic tool that can be used to troubleshoot issues when a Windows 10 upgrade is unsuccessful.
[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) version 1.4 is released. SetupDiag is a standalone diagnostic tool that can be used to troubleshoot issues when a Windows 10 upgrade is unsuccessful.
## Security
@ -202,6 +202,9 @@ Do you have shared devices deployed in your work place? **Fast sign-in** enables
![fast sign-in](images/fastsignin.png "fast sign-in")
>[!NOTE]
>This is a preview feature and therefore not meant or recommended for production purposes.
## Web sign-in to Windows 10
Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML).
@ -214,6 +217,9 @@ Until now, Windows logon only supported the use of identities federated to ADFS
![Web sign-in](images/websignin.png "web sign-in")
>[!NOTE]
>This is a preview feature and therefore not meant or recommended for production purposes.
## Your Phone app
Android phone users, you can finally stop emailing yourself photos. With Your Phone you get instant access to your Androids most recent photos on your PC. Drag and drop a photo from your phone onto your PC, then you can copy, edit, or ink on the photo. Try it out by opening the **Your Phone** app. Youll receive a text with a link to download an app from Microsoft to your phone. Android 7.0+ devices with ethernet or Wi-Fi on unmetered networks are compatible with the **Your Phone** app. For PCs tied to the China region, **Your Phone** app services will be enabled in the future.