-**Figure 14** - Illustrates a device on which Windows 10 Pro, version 1607 is not activated, but the Windows 10 Pro Education upgrade is active.
+**Figure 14** - Illustrates a device on which Windows 10 Pro, version 1607 is not activated, but the Windows 10 Pro Education switch is active.
@@ -209,30 +211,30 @@ Devices must be running Windows 10 Pro, version 1607, and be Azure Active Direct A popup window will display the Windows 10 version number and detailed OS build information. - If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license. + If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be switched to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license. ## Roll back Windows 10 Pro Education to Windows 10 Pro -If your organization has the Windows 10 Pro to Windows 10 Pro Education upgrade enabled, and you decide to roll back to Windows 10 Pro or to cancel the upgrade, you can do this by: -- Logging into Windows Store for Business page and turning off the automatic upgrade. -- Selecting the link to turn off the automatic upgrade from the notification email sent to all global administrators. +If your organization has the Windows 10 Pro to Windows 10 Pro Education switch enabled, and you decide to roll back to Windows 10 Pro or to cancel the switch, you can do this by: +- Logging into Windows Store for Business page and turning off the automatic switch. +- Selecting the link to turn off the automatic switch from the notification email sent to all global administrators. -Once the automatic upgrade to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were upgraded will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was upgraded may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that an upgrade was enabled and then turned off will never see their device change from Windows 10 Pro. +Once the automatic switch to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were switched will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was switched may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that an switch was enabled and then turned off will never see their device change from Windows 10 Pro. **To roll back Windows 10 Pro Education to Windows 10 Pro** -1. Log in to [Windows Store for Business](https://businessstore.microsoft.com/en-us/Store/Apps) with your school or work account, or follow the link from the notification email to turn off the automatic upgrade. +1. Log in to [Windows Store for Business](https://businessstore.microsoft.com/en-us/Store/Apps) with your school or work account, or follow the link from the notification email to turn off the automatic switch. 2. Select **Manage > Account information** and locate the section **Automatic Windows 10 Pro Education upgrade** and follow the link. 3. In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, select **Turn off the automatic upgrade to Windows 10 Pro Education**. -  +  - **Figure 15** - Link to turn off the automatic upgrade + **Figure 15** - Link to turn off the automatic switch -4. You will be asked if you're sure that you want to turn off automatic upgrades to Windows 10 Pro Education. Click **Yes**. +4. You will be asked if you're sure that you want to turn off automatic switches to Windows 10 Pro Education. Click **Yes**. 5. Click **Close** in the **Success** page. -6. In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, you will see information on when the upgrade was disabled. +6. In the **Upgrade Windows 10 Pro to Windows 10 Pro Education** page, you will see information on when the switch was disabled. - If you decide later that you want to turn on automatic upgrades again, you can do this from the **Upgrade Windows 10 Pro to Windows 10 Pro Education**. + If you decide later that you want to turn on automatic switches again, you can do this from the **Upgrade Windows 10 Pro to Windows 10 Pro Education**. ## Preparing for deployment of Windows 10 Pro Education licenses diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index ed22802caa..99a438e0b9 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu +localizationpriority: high author: CelesteDG --- @@ -14,9 +15,10 @@ author: CelesteDG - Windows 10 + Windows 10 Anniversary Update (Windows 10, version 1607) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620). -Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/). +Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Configuration Designer](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/). Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments. @@ -24,7 +26,11 @@ Windows 10, version 1607 introduces two editions designed for the unique needs o Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). -Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future). +> [!NOTE] +> If using Windows 10 Pro Education or Windows 10 Education, upgrading from Windows 10, version 1607 (Anniversary Update) to Windows 10, version 1703 (Creators Update) will enable Cortana. You can use the **AllowCortana** policy to turn it off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). + + +Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future). Existing devices running Windows 10 Pro, currently activated with the original OEM digital product key and purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future), will upgrade automatically to Windows 10 Pro Education as part of the Windows 10, version 1607 installation. @@ -36,13 +42,18 @@ Customers that deploy Windows 10 Pro are able to configure the product to have s Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). -Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628). +> [!NOTE] +> If using Windows 10 Pro Education or Windows 10 Education, upgrading from Windows 10, version 1607 (Anniversary Update) to Windows 10, version 1703 (Creators Update) will enable Cortana. You can use the **AllowCortana** policy to turn it off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). + + +Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628). Customers that deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment. For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us). ## Related topics +* [Switch Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md) * [Windows deployment for education](http://aka.ms/edudeploy) * [Windows 10 upgrade paths](https://go.microsoft.com/fwlink/?LinkId=822787) * [Volume Activation for Windows 10](https://go.microsoft.com/fwlink/?LinkId=822788) diff --git a/windows/configure/basic-level-windows-diagnostic-events-and-fields.md b/windows/configure/basic-level-windows-diagnostic-events-and-fields.md index 738d97b024..0ae4581bb0 100644 --- a/windows/configure/basic-level-windows-diagnostic-events-and-fields.md +++ b/windows/configure/basic-level-windows-diagnostic-events-and-fields.md @@ -1990,24 +1990,24 @@ This event sends basic metadata about an application on the system to help keep The following fields are available: - **ProgramInstanceId** A hash of the file IDs in an app. -- **Name** The name of the application. Location pulled from depends on 'Source' field. Example: -- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. Example: Application -- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. Example: Neudesic -- **Version** The version number of the program. Example: 6.00.0003 -- **Language** The language code of the program. Language codes can be found at 221435 Example: 1033 -- **Source** Where the data for the application was found, such as Add/Remove Programs (ARP), MSI, AppxPackage, etc. Example: Msi -- **MsiProductCode** A GUID that describe the MSI Product. Example: {365812a8-44d6-422e-b737-d540451e5f4e} -- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. Example: {1BCC5142-D98C-430B-B74A-484A0328A7CE} -- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. Example: TRUE -- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. Example: -- **RootDirPath** The path to the root directory where the program was installed. Example: %ProgramFiles% (x86)\Neudesic\Azure Storage Explorer 6 -- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics) Example: 4/12/2015 01:27:52 -- **InstallDateMsi** The install date if the application was installed via MSI. Passed as an array. Example: 4/11/2015 00:00:00 -- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. Example: 4/8/2015 01:06:11 -- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 +- **Name** The name of the application. Location pulled from depends on 'Source' field. +- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. +- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. +- **Version** The version number of the program. +- **Language** The language code of the program. +- **Source** How the program was installed (ARP, MSI, Appx, etc...) +- **MsiProductCode** A GUID that describe the MSI Product. +- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. +- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. +- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. +- **RootDirPath** The path to the root directory where the program was installed. +- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics) +- **InstallDateMsi** The install date if the application was installed via MSI. Passed as an array. +- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. +- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. - **PartB_Ms.Device.DeviceInventoryChange** See the Common Data Fields section. -- **objectInstanceId** ProgramId (a hash of Name, Version, Publisher, and Language of an application used to identify it). Example: 00000144865763f3de24c2ae5a289fde6db300000904 -- **PackageFullName** The package full name for a Store application. Example: Microsoft.Hexic_1.2.0.36_x86__8wekyb3d8bbwe +- **objectInstanceId** ProgramId (a hash of Name, Version, Publisher, and Language of an application used to identify it). +- **PackageFullName** The package full name for a Store application. - **InventoryVersion** The version of the inventory file generating the events. - **StoreAppType** A sub-classification for the type of Windows Store app, such as UWP or Win8StoreApp. @@ -2042,7 +2042,7 @@ The following fields are available: - **ModelId** A model GUID. - **PrimaryCategory** The primary category for the device container. - **Categories** A comma separated list of functional categories in which the container belongs. -- **IsConnected** For physically a attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. +- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. - **IsActive** Is the device connected, or has it been seen in the last 14 days? - **IsPaired** Does the device container require pairing? - **IsNetworked** Is this a networked device? @@ -2052,7 +2052,7 @@ The following fields are available: - **ModelNumber** The model number for the device container. - **Manufacturer** The manufacturer name for the device container. - **PartB_Ms.Device.DeviceInventoryChange** See the Common Data Fields section. -- **objectInstanceId** ContainerId. Example: {552dd320-0dae-2794-2b41-df42fee22488} +- **objectInstanceId** ContainerId - **InventoryVersion** The version of the inventory file generating the events. diff --git a/windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9ea87f1c09..8f0ddba047 100644 --- a/windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -290,7 +290,7 @@ You can prevent Windows from setting the time automatically. -or - -- Create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient!Enabled** to 0 (zero). +- Create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient!Enabled** to 0 (zero). -or- diff --git a/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md index 3ef7f7e374..9cb47b71cd 100644 --- a/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ b/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md @@ -165,7 +165,7 @@ Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or 1. On Start , swipe over to the App list, then tap **Settings**  > **Accounts** > **Apps Corner**. -2. Tap **Apps**, tap to select the app that you want people to use in the kiosk mode, and then tap done  +2. Tap **Apps**, tap to select the app that you want people to use in the kiosk mode, and then tap done . 3. If your phone doesn't already have a lock screen password, you can set one now to ensure that people can't get to your Start screen from Apps Corner. Tap **Protect my phone with a password**, click **Add**, type a PIN in the **New PIN** box, type it again in the **Confirm PIN** box, and then tap **OK**. Press **Back**  to the Apps Corner settings. diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md index 76aa003b02..46c411919f 100644 --- a/windows/deploy/mbr-to-gpt.md +++ b/windows/deploy/mbr-to-gpt.md @@ -216,7 +216,7 @@ Before any change to the disk is made, MBR2GPT validates the layout and geometry - There are at most 3 primary partitions in the MBR partition table - One of the partitions is set as active and is the system partition - The BCD store on the system partition contains a default OS entry pointing to an OS partition -- The volume IDs can retrieved for each volume which has a drive letter assigned +- The volume IDs can be retrieved for each volume which has a drive letter assigned - All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option If any of these checks fails, the conversion will not proceed and an error will be returned. diff --git a/windows/deploy/resolve-windows-10-upgrade-errors.md b/windows/deploy/resolve-windows-10-upgrade-errors.md index a16acec410..4070ea0d81 100644 --- a/windows/deploy/resolve-windows-10-upgrade-errors.md +++ b/windows/deploy/resolve-windows-10-upgrade-errors.md @@ -2,7 +2,7 @@ title: Resolve Windows 10 upgrade errors - Windows IT Pro description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502 -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -560,11 +560,12 @@ For more information, see [How to perform a clean boot in Windows](https://suppo + ### 0x800xxxxx Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. -
See the following general troubleshooting procedures associated with a result code of 0x800xxxxx: +See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
-OR-
System Center Configuration Manager
-OR-
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| +|Windows 10, version 1607 or later | Microsoft Intune
-OR-
System Center Configuration Manager
-OR-
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| ## What is enterprise data control? Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can’t share anything and it’s all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. @@ -93,8 +93,9 @@ WIP gives you a new way to manage data policy enforcement for apps and documents - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. - **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. - - >**Note**
For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. + + >[!Note] + >For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. ## How WIP works WIP helps address your everyday challenges in the enterprise. Including: @@ -129,7 +130,7 @@ You can set your WIP policy to use 1 of 4 protection and management modes: |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| |Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). | |Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.| -|Off |WIP is turned off and doesn't help to protect or audit your data.
After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.
**Note**
For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. |
+|Off |WIP is turned off and doesn't help to protect or audit your data.
After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.
**Note**
For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. |
## Turn off WIP
You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn’t recommended. If you choose to turn WIP off, you can always turn it back on, but your decryption and policy info won’t be automatically reapplied.
diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index ac0409286d..9791688940 100644
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -365,7 +365,7 @@ The following table details the hardware requirements for both virtualization-ba
Trusted Platform Module (TPM)
Required to support health attestation and necessary for additional key protections for virtualization-based security.
Required to support health attestation and necessary for additional key protections for virtualization-based security. TPM 2.0 is supported; TPM 1.2 is also supported beginnning with Windows 10, version 1703.
+
- Open File Explorer, right-click a work document, and then click Work from the File Ownership menu.
Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access: <your_enterprise_identity>. For example, contoso.com. - In File Explorer, right-click the same document, and then click Personal from the File Ownership menu.
Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
+ For mobile:
- Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
- Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work.
Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
@@ -44,11 +44,11 @@ You can try any of the processes included in these scenarios, but you should foc
+
-
-
- Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.Important
Certain file types like.exeand.dll, along with certain file paths, such as%windir%and%programfiles%are excluded from automatic encryption.For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.
+ - Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.
Important
Certain file types like.exeand.dll, along with certain file paths, such as%windir%and%programfiles%are excluded from automatic encryption.
For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.
+ For mobile:
- Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location.
Make sure the document is encrypted, by locating the Briefcase icon next to the file name. - Open the same document and attempt to save it to a non-work-related location.
WIP should stop you from saving the file to this location.
@@ -104,7 +104,7 @@ You can try any of the processes included in these scenarios, but you should foc
- Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted. - Open File Explorer and make sure your modified files are appearing with a Lock icon. -
- Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.
Note
Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
+ - Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.
Note
Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.
A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.
- Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
- Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
Both browsers should respect the enterprise and personal boundary.
- - Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
IE11 shouldn't be able to access the sites.Note
Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
+ - Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
IE11 shouldn't be able to access the sites.
Note
Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.
-
-
- Set up your VPN network to start based on the WIPModeID setting.
For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-wip-policy-using-intune.md) topic.
+ - Set up your VPN network to start based on the WIPModeID setting.
For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) topic. - Start an app from your allowed apps list.
The VPN network should automatically start. - Disconnect from your network and then start an app that isn't on your allowed apps list.
The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
-
-
- Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
The device should be removed and all of the enterprise content for that managed account should be gone.Important
On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
+ - Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
The device should be removed and all of the enterprise content for that managed account should be gone.
Important
On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
($1.29 X .095) X 100 = $12.25 -##Payment options## +## Payment options You can purchase apps from the Windows Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: 1. VISA 2. MasterCard @@ -104,8 +104,8 @@ You can purchase apps from the Windows Store for Business using your credit card 4. American Express 5. Japan Commercial Bureau (JCB) -**Note**:
-Not all cards available in all countries. When you add a payment option, Store for Business shows which cards are available in your region. +> [!NOTE] +> Not all cards available in all countries. When you add a payment option, Store for Business shows which cards are available in your region. **To add a new payment option** @@ -116,7 +116,8 @@ Not all cards available in all countries. When you add a payment option, Store f Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. -**Note**:
When adding credit or debit cards, you may be prompted to enter a CVV . The CVV is only used for verification purposes and is not stored in our systems after validation. +> [!NOTE] +> When adding credit or debit cards, you may be prompted to enter a CVV . The CVV is only used for verification purposes and is not stored in our systems after validation **To update a payment option** @@ -126,9 +127,10 @@ Once you click Next, the information you provided will be validated with a tes 4. Enter any updated information in the appropriate fields, and then click **Next**. Once you click **Next**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. -**Note**:
Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time or have a low balance. +> [!NOTE] +> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. -##Offline licensing## +## Offline licensing Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Store for Business. This model means organizations can deploy apps when users or devices do not have connectivity to the Store. For more information on the Store for Business licensing model, see [licensing model](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing-model). diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 3995354bb7..f10f250341 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -12,12 +12,12 @@ ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617 # What's new in Windows 10, version 1703 IT pro content -Below is a list of some of the new and updated content that discusses Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update). +Below is a list of some of the new and updated content that discusses Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update). For more general info about Windows 10 features, see [Features available only on Windows 10](https://www.microsoft.com/windows/features). For info about previous versions of Windows 10, see [What's New in Windows 10](index.md). Also see this blog post: [What’s new for IT pros in the Windows 10 Creators Update](https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/). >[!NOTE] ->Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). +>Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). ## Configuration @@ -121,6 +121,8 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10 You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/). +Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787]. + ### Windows Defender Antivirus Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md). @@ -160,7 +162,7 @@ A new security policy setting ### Windows Hello for Business -You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). +You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). For Windows Phone devices, an adminisrator is able to initiate a remote PIN reset through the Intune portal. @@ -185,7 +187,7 @@ We recently added the option to download Windows 10 Insider Preview builds using With changes delivered in Windows 10, version 1703, [Express updates](../update/waas-optimize-windows-10-updates.md#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] -> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. +> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios. @@ -220,7 +222,7 @@ Some of the other new CSPs are: - The [Office CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/library/jj219426.aspx). -- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. +- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. IT pros can use the new [MDM Migration Analysis Tool (MMAT)](http://aka.ms/mmat) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents. @@ -233,7 +235,7 @@ The Windows version of mobile application management (MAM) is a lightweight solu For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management). ### MDM diagnostics - + In Windows 10, version 1703, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost. ### Application Virtualization for Windows (App-V)