mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 14:27:22 +00:00
Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)
This commit is contained in:
officedocspr
commit
f67f213112
@ -16,10 +16,10 @@ ms.localizationpriority: medium
|
||||
|
||||
# Hybrid deployment (Surface Hub)
|
||||
|
||||
A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
|
||||
A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-premises), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
|
||||
|
||||
> [!NOTE]
|
||||
> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
|
||||
> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-premises). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
|
||||
|
||||
## Exchange on-premises
|
||||
|
||||
@ -345,11 +345,11 @@ $AssignedLicenses.RemoveLicenses = @()
|
||||
Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
|
||||
```
|
||||
|
||||
Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
|
||||
Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
|
||||
|
||||
### Skype for Business Online
|
||||
|
||||
In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#sfb-online).
|
||||
In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#skype-for-business-online).
|
||||
|
||||
1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow
|
||||
Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
|
||||
```
|
||||
|
||||
7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
|
||||
7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online).
|
||||
|
||||
Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: article
|
||||
|
||||
# Deploy the latest firmware and drivers for Surface devices
|
||||
|
||||
> **Home users:** This article is only intended for technical support agents and IT professionals. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
|
||||
> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
|
||||
|
||||
Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows.
|
||||
|
||||
|
||||
@ -2448,7 +2448,7 @@ ADMX Info:
|
||||
|
||||
Value and index pairs in the SyncML example:
|
||||
- http://adfs.contoso.org 1
|
||||
- http://microsoft.com 2
|
||||
- https://microsoft.com 2
|
||||
|
||||
<!--/Example-->
|
||||
<!--/Policy-->
|
||||
|
||||
@ -296,7 +296,7 @@ For links to these classes, see [**MDM Bridge WMI Provider**](https://msdn.micro
|
||||
[**Win32\_UninterruptiblePowerSupply**](https://msdn.microsoft.com/library/windows/hardware/aa394503) |
|
||||
[**Win32\_USBController**](https://msdn.microsoft.com/library/windows/hardware/aa394504) |
|
||||
[**Win32\_UTCTime**](https://msdn.microsoft.com/library/windows/hardware/aa394510) | 
|
||||
[**Win32\_VideoController**](https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-videocontroller) |
|
||||
[**Win32\_VideoController**](https://docs.microsoft.com/windows/win32/cimwin32prov/win32-videocontroller) |
|
||||
**Win32\_WindowsUpdateAgentVersion** |
|
||||
|
||||
|
||||
|
||||
@ -1,28 +1,30 @@
|
||||
---
|
||||
title: Windows 10 deployment tools (Windows 10)
|
||||
description: Learn about the tools available to deploy Windows 10.
|
||||
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.audience: itpro
author: greg-lindsay
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
audience: itpro
author: greg-lindsay
|
||||
ms.date: 07/12/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Windows 10 deployment tools
|
||||
|
||||
Learn about the tools available to deploy Windows 10.
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|
||||
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|
||||
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|
||||
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|
||||
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|
||||
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|
||||
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
|
||||
---
|
||||
title: Windows 10 deployment tools reference
|
||||
description: Learn about the tools available to deploy Windows 10.
|
||||
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.date: 07/12/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Windows 10 deployment tools
|
||||
|
||||
Learn about the tools available to deploy Windows 10.
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|
||||
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|
||||
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|
||||
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|
||||
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|
||||
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|
||||
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
|
||||
|
||||
@ -1,28 +1,30 @@
|
||||
---
|
||||
title: Windows 10 deployment tools (Windows 10)
|
||||
description: Learn about the tools available to deploy Windows 10.
|
||||
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.audience: itpro
author: greg-lindsay
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
audience: itpro
author: greg-lindsay
|
||||
ms.date: 10/16/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Windows 10 deployment tools
|
||||
|
||||
Learn about the tools available to deploy Windows 10.
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|
||||
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|
||||
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|
||||
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|
||||
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|
||||
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|
||||
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
|
||||
---
|
||||
title: Windows 10 deployment tools
|
||||
description: Learn about the tools available to deploy Windows 10.
|
||||
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.date: 10/16/2017
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Windows 10 deployment tools
|
||||
|
||||
Learn about the tools available to deploy Windows 10.
|
||||
|
||||
|Topic |Description |
|
||||
|------|------------|
|
||||
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|
||||
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|
||||
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|
||||
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|
||||
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|
||||
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|
||||
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows 10 deployment tools (Windows 10)
|
||||
title: Windows 10 deployment scenarios and tools
|
||||
description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process.
|
||||
ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877
|
||||
ms.reviewer:
|
||||
|
||||
@ -128,8 +128,6 @@ To make changes to the size of your Windows diagnostic data history, visit the *
|
||||
> [!Important]
|
||||
> Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
|
||||
|
||||
|
||||
|
||||
## View additional diagnostic data in the View problem reports tool
|
||||
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Defender Credential Guard protection limits (Windows 10)
|
||||
description: Scenarios not protected by Windows Defender Credential Guard in Windows 10.
|
||||
title: Windows Defender Credential Guard protection limits & mitigations (Windows 10)
|
||||
description: Scenarios not protected by Windows Defender Credential Guard in Windows 10, and additional mitigations you can use.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
ms.sitesec: library
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Prepare & Deploy Windows AD FS (Windows Hello for Business)
|
||||
title: Prepare & Deploy Windows AD FS certificate trust (Windows Hello for Business)
|
||||
description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Windows Hello for Business Policy settings (Windows Hello for Business)
|
||||
title: Configure Windows Hello for Business Policy settings - certificate trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Validate Active Directory prerequisites (Windows Hello for Business)
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business
|
||||
title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business)
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model.
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Validate and Deploy MFA for Windows Hello for Business
|
||||
title: Validate and Deploy MFA for Windows Hello for Business with certificate trust
|
||||
description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Conditional Access
|
||||
title: Dynamic lock
|
||||
description: Conditional Access
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Prepare & Deploy Windows Active Directory Federation Services
|
||||
title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business)
|
||||
description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Windows Hello for Business Policy settings (Windows Hello for Business)
|
||||
title: Configure Windows Hello for Business Policy settings - key trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Validate Active Directory prerequisites (Windows Hello for Business)
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business
|
||||
title: Key registration for on-premises deployment of Windows Hello for Business
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model.
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Validate and Deploy MFA for Windows Hello for Business
|
||||
title: Validate and Deploy MFA for Windows Hello for Business with key trust
|
||||
description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust
|
||||
keywords: identity, PIN, biometric, Hello, passport
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: BitLocker frequently asked questions (FAQ) (Windows 10)
|
||||
title: BitLocker deployment and administration FAQ (Windows 10)
|
||||
description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
|
||||
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
|
||||
ms.reviewer:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: BitLocker frequently asked questions (FAQ) (Windows 10)
|
||||
title: BitLocker FAQ (Windows 10)
|
||||
description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
|
||||
ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
|
||||
ms.reviewer:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: BitLocker frequently asked questions (FAQ) (Windows 10)
|
||||
title: BitLocker Network Unlock FAQ (Windows 10)
|
||||
description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: explore
|
||||
|
||||
@ -80,7 +80,7 @@ All x86-based Certified For Windows 10 PCs must meet several requirements relat
|
||||
|
||||
These requirements help protect you from rootkits while allowing you to run any operating system you want. You have three options for running non-Microsoft operating systems:
|
||||
|
||||
- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to <http://partner.microsoft.com/dashboard>.
|
||||
- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to <https://partner.microsoft.com/dashboard>.
|
||||
- **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
|
||||
- **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Audit directory service access (Windows 10)
|
||||
title: Basic audit directory service access (Windows 10)
|
||||
description: Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
|
||||
ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
|
||||
ms.reviewer:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Advanced Hunting API
|
||||
title: Advanced Hunting with Powershell API Guide
|
||||
ms.reviewer:
|
||||
description: Use this API to run advanced queries
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Deploy exploit protection mitigations across your organization
|
||||
title: Import, export, and deploy exploit protection configurations
|
||||
keywords: Exploit protection, mitigations, import, export, configure, emet, convert, conversion, deploy, install
|
||||
description: Use Group Policy to deploy mitigations configuration. You can also convert an existing EMET configuration and import it as an Exploit protection configuration.
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events.
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events to Azure Event Hubs
|
||||
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Event Hub.
|
||||
keywords: raw data export, streaming API, API, Azure Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events.
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events to your Storage account
|
||||
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account.
|
||||
keywords: raw data export, streaming API, API, Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Advanced Hunting API
|
||||
title: Advanced Hunting with Powershell API Basics
|
||||
ms.reviewer:
|
||||
description: Use this API to run advanced queries
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Advanced Hunting API
|
||||
title: Advanced Hunting with Python API Guide
|
||||
ms.reviewer:
|
||||
description: Use this API to run advanced queries
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Deploy exploit protection mitigations across your organization
|
||||
title: Troubleshoot exploit protection mitigations
|
||||
keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install
|
||||
description: Remove unwanted Exploit protection mitigations.
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert information by ID API
|
||||
description: Retrieves an alert by its ID.
|
||||
title: Update alert entity API
|
||||
description: Retrieves a Microsoft Defender ATP alert by its ID.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -31,7 +31,7 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
- [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md) <BR> Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. ([Endpoint detection and response is currently in preview](preview.md).)
|
||||
|
||||
- [Threat & Vulnerability Management application end-of-life notification](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) <BR>Applications which have reached their end-of-life are labeled as such so you are aware that they will no longer be supported, and can take action to either uninstall or replace. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.
|
||||
- [Threat & Vulnerability Management application end-of-life tag](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) <BR>Applications which have reached their end-of-life are tagged or labeled as such so you are aware that they will no longer be supported, and can take action to either uninstall or replace. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.
|
||||
|
||||
## October 2019
|
||||
|
||||
|
||||
@ -62,7 +62,7 @@ Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsof
|
||||
Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
|
||||
[configure Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Windows Defender SmartScreen on or off.
|
||||
|
||||
Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md#create-indicators-for-ips-and-urlsdomains) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings.
|
||||
Although Microsoft Defender ATP has its own block list, based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md#create-indicators-for-ips-and-urlsdomains-preview) in the Microsoft Defender ATP portal, Windows Defender SmartScreen will respect the new settings.
|
||||
|
||||
### Windows Defender Antivirus
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@ Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intu
|
||||
|
||||
With Intune, IT Pros can now configure their managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps their business uses. This feature changes the S mode security posture from “every app is Microsoft-verified" to “every app is verified by Microsoft or your organization”.
|
||||
|
||||
# Policy Authorization Process
|
||||
## Policy Authorization Process
|
||||
|
||||
The general steps for expanding the S mode base policy on your devices are to generate a supplemental policy, sign that policy, and then upload the signed policy to Intune and assign it to user or device groups.
|
||||
1. Generate a supplemental policy with WDAC tooling
|
||||
@ -78,11 +78,11 @@ The general steps for expanding the S mode base policy on your devices are to ge
|
||||
> [!Note]
|
||||
> When updating your supplemental policy, ensure that the new version number is strictly greater than the previous one. Using the same version number is not allowed by Intune. Refer to [Set-CIPolicyVersion](https://docs.microsoft.com/powershell/module/configci/set-cipolicyversion?view=win10-ps) for information on setting the version number.
|
||||
|
||||
# Standard Process for Deploying Apps through Intune
|
||||
## Standard Process for Deploying Apps through Intune
|
||||
|
||||
Refer to [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps-win32-app-management) for guidance on the existing procedure of packaging signed catalogs and app deployment.
|
||||
|
||||
# Optional: Process for Deploying Apps using Catalogs
|
||||
## Optional: Process for Deploying Apps using Catalogs
|
||||
|
||||
Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that will authorize all apps signed by that certificate, which may include apps you don’t want to allow as well.
|
||||
|
||||
@ -93,7 +93,7 @@ The basic process is to generate a catalog file for each app using Package Inspe
|
||||
> [!Note]
|
||||
> Every time an app updates, you will need to deploy an updated catalog. Because of this, IT Pros should try to avoid using catalog files for applications that auto-update and direct users not to update applications on their own.
|
||||
|
||||
# Sample Policy
|
||||
## Sample policy
|
||||
Below is a sample policy that allows kernel debuggers, PowerShell ISE, and Registry Editor. It also demonstrates how to specify your organization's code signing and policy signing certificates.
|
||||
```xml
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
@ -176,7 +176,7 @@ Below is a sample policy that allows kernel debuggers, PowerShell ISE, and Regis
|
||||
</Settings>
|
||||
</SiPolicy>
|
||||
```
|
||||
# Policy Removal
|
||||
## Policy removal
|
||||
> [!Note]
|
||||
> This feature currently has a known a policy deletion bug, with a fix expected in the 2D update in late February 2020. Devices of users who are unenrolled will still have their WDAC policies removed. In the mentime, IT Pros are recommended to update their policy with the below 'empty' policy which makes no changes to S mode.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user