deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into lucci01

Browse Source
This commit is contained in:
lucciz 2020-04-07 10:51:49 +08:00
commit f90e8f3e21
211 changed files with 1084 additions and 766 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.openpublishing.redirection.json
View File

@ -1502,6 +1502,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md", "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview",
"redirect_document_id": true "redirect_document_id": true
@ -6232,6 +6237,11 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/deployment/update/update-compliance-wdav-status.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started",
"redirect_document_id": true
},
{
"source_path": "windows/manage/update-compliance-using.md", "source_path": "windows/manage/update-compliance-using.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using", "redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using",
"redirect_document_id": true "redirect_document_id": true

1
browsers/internet-explorer/TOC.md
View File

@ -47,6 +47,7 @@
#### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) #### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
#### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
#### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) #### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md)
### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md) ### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
#### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md) #### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md) ##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)

13
browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -7,7 +7,8 @@ author: dansimp
ms.prod: ie11 ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
ms.reviewer: ms.reviewer:
audience: itpro manager: dansimp audience: itpro
manager: dansimp
ms.author: dansimp ms.author: dansimp
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library ms.sitesec: library
@ -57,16 +58,20 @@ You can add individual sites to your compatibility list by using the Enterprise
5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site. 5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
- **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
- **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee. - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
- **None**. Opens in whatever browser the employee chooses. - **None**. Opens in whatever browser the employee chooses.
6. Click **Save** to validate your website and to add it to the site list for your enterprise.<p> 6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior.
7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#updated-schema-attributes).
8. Click **Save** to validate your website and to add it to the site list for your enterprise.<p>
If your site passes validation, its added to the global compatibility list. If the site doesnt pass validation, youll get an error message explaining the problem. Youll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. If your site passes validation, its added to the global compatibility list. If the site doesnt pass validation, youll get an error message explaining the problem. Youll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p> 9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.<p>
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
## Next steps ## Next steps

47
browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md Normal file
View File

@ -0,0 +1,47 @@
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to use Site List Manager to review neutral sites for IE mode
author: dansimp
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
ms.sitesec: library
ms.date: 04/02/2020
---
# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager
**Applies to:**
- Windows 10
- Windows 8
- Windows Server 2012 R2
- Microsoft Edge version 77 or later
> [!NOTE]
> This feature is available on the Enterprise Mode Site List Manager version 11.0.
## Overview
While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users.
The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion.
## Flag neutral sites
To identify neutral sites to review:
1. In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**.
2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge.
3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again.
## Related topics
- [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode)
- [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites)

4
browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
View File

@ -26,7 +26,7 @@ ms.date: 12/04/2017
- Windows Server 2012 R2 - Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1) - Windows Server 2008 R2 with Service Pack 1 (SP1)
Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
@ -49,12 +49,14 @@ The following topics give you more information about the things that you can do
|[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). | |[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). |
|[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. |
|[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
|[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.<p>This topic applies to both versions of the Enterprise Mode Site List Manager. |
| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion.<p> This topic applies to the latest version of the Enterprise Mode Site List Manager.
## Related topics ## Related topics

19
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -1,6 +1,6 @@
--- ---
title: Using 3D Viewer on HoloLens title: Using 3D Viewer Beta on HoloLens
description: Describes the types of files and features that 3D Viewer Beta on HoloLens supports, and how to use and troubleshoot the app. description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens ms.prod: hololens
ms.sitesec: library ms.sitesec: library
author: Teresa-Motiv author: Teresa-Motiv
@ -15,15 +15,18 @@ appliesto:
- HoloLens (1st gen) - HoloLens (1st gen)
--- ---
# Using 3D Viewer on HoloLens # Using 3D Viewer Beta on HoloLens
3D Viewer lets you view 3D models on HoloLens. You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps. 3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications). >[!NOTE]
>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer-beta). If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
There are two ways to open a 3D model on HoloLens. See [Viewing 3D models on HoloLens](#viewing-3d-models-on-hololens) to learn more. To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting). If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting).
@ -122,7 +125,7 @@ By default, 3D Viewer Beta displays 3D models at a comfortable size and position
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit. To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
## Viewing 3D models on HoloLens ## Viewing FBX files on HoloLens
### Open an FBX file from Microsoft Edge ### Open an FBX file from Microsoft Edge

4
devices/hololens/hololens-calibration.md
View File

@ -86,6 +86,8 @@ If calibration is unsuccessful try:
If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md). If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system.
### Calibration data and security ### Calibration data and security
Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful. Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
@ -105,6 +107,8 @@ You can also disable the calibration prompt by following these steps:
### HoloLens 2 eye-tracking technology ### HoloLens 2 eye-tracking technology
The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning. The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning.
> [!NOTE]
> Setting the IPD is not applicable for Hololens 2, since eye positions are computed by the system.
HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers dont need to do anything to leverage this capability. HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers dont need to do anything to leverage this capability.

28
devices/hololens/hololens-cortana.md
View File

@ -48,6 +48,19 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c
|Hide and show hand ray | "Hide hand ray" / "Show hand ray" | |Hide and show hand ray | "Hide hand ray" / "Show hand ray" |
|See available speech commands | "What can I say?" | |See available speech commands | "What can I say?" |
Starting with version 19041.x of HoloLens 2, you can also use these commands:
| Say this | To do this |
| - | - |
| "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
| "Shutdown device" | Bring up a dialogue to confirm you want to turn off the device. You can say "yes" to confirm. |
| "Brightness up/down" | Increase or decrease the display brightness by 10%. |
| "Volume up/down" | Increase or decrease the volume by 10%. |
| "What's my IP address" | Bring up a dialogue displaying your device's current IP address on the local network. |
| "Take a picture" | Capture a mixed reality photo of what you are currently seeing. |
| "Take a video" | Start recording a mixed reality video. |
| "Stop recording" | Stops the current mixed reality video recording if one is in progress. |
### Hologram commands ### Hologram commands
To use these commands, gaze at a 3D object, hologram, or app window. To use these commands, gaze at a 3D object, hologram, or app window.
@ -87,7 +100,7 @@ Sometimes it's helpful to spell out things like email addresses. For instance, t
## Do more with Cortana ## Do more with Cortana
Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. She can give you suggestions, ideas, reminders, alerts, and more. To get her attention, select Cortana on **Start** or say "Hey Cortana" anytime. Cortana can help you do all kinds of things on your HoloLens, but depending on which version of Windows Holographic you're using, the capablities may be different. You can learn more about the updated capabilites of the latest version of Cortana [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
![Hey Cortana!](images/cortana-on-hololens.png) ![Hey Cortana!](images/cortana-on-hololens.png)
@ -96,22 +109,27 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
**Hey, Cortana**... **Hey, Cortana**...
- What can I say? - What can I say?
- Launch <*app name*>.
- What time is it?
- Show me the latest NBA scores.
- Tell me a joke.
If you're using *version 18362.x or earlier*, you can also use these commands:
**Hey, Cortana**...
- Increase the volume. - Increase the volume.
- Decrease the brightness. - Decrease the brightness.
- Shut down. - Shut down.
- Restart. - Restart.
- Go to sleep. - Go to sleep.
- Mute. - Mute.
- Launch <*app name*>.
- Move <*app name*> here (gaze at the spot that you want the app to move to). - Move <*app name*> here (gaze at the spot that you want the app to move to).
- Go to Start. - Go to Start.
- Take a picture. - Take a picture.
- Start recording. (Starts recording a video.) - Start recording. (Starts recording a video.)
- Stop recording. (Stops recording a video.) - Stop recording. (Stops recording a video.)
- What time is it?
- Show me the latest NBA scores.
- How much battery do I have left? - How much battery do I have left?
- Tell me a joke.
Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another. Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.

8
devices/hololens/hololens-insider.md
View File

@ -67,6 +67,7 @@ Here's a quick summary of what's new:
- Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview. - Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview.
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. - Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands - Support for additional system voice commands
- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate - Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product - Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device - More information in settings on HoloLens about the policy pushed to the device
@ -95,9 +96,16 @@ You can now can access these commands with your voice:
- "Volume up" - "Volume up"
- "Volume down" - "Volume down"
- "What is my IP address?" - "What is my IP address?"
- "Take a picture"
- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language. If you're running your system with a different language, please try the appropriate commands in that language.
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Dark mode ### Dark mode
Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."** Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
Here are some of the in-box apps that support Dark mode! Here are some of the in-box apps that support Dark mode!

0
devices/surface-hub/images/sccm-additional.png → devices/surface-hub/images/configmgr-additional.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

0
devices/surface-hub/images/sccm-create.png → devices/surface-hub/images/configmgr-create.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 47 KiB

After

Width:  |  Height:  |  Size: 47 KiB

0
devices/surface-hub/images/sccm-oma-uri.png → devices/surface-hub/images/configmgr-oma-uri.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

0
devices/surface-hub/images/sccm-platform.png → devices/surface-hub/images/configmgr-platform.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

0
devices/surface-hub/images/sccm-team.png → devices/surface-hub/images/configmgr-team.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 37 KiB

14
devices/surface-hub/index.yml
View File

@ -25,17 +25,17 @@ highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items: items:
# Card # Card
- title: What is Surface Hub 2S? - title: What's new in Surface Hub 2S?
itemType: overview itemType: whats-new
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099 url: surface-hub-2s-whats-new.md
# Card # Card
- title: Surface Hub security overview - title: Surface Hub security overview
itemType: learn itemType: learn
url: surface-hub-security.md url: surface-hub-security.md
# Card # Card
- title: What's new in Surface Hub 2S? - title: Manage Surface Hub 2S with Intune
itemType: whats-new itemType: how-to-guide
url: surface-hub-2s-whats-new.md url: surface-hub-2s-manage-intune.md
# Card # Card
- title: Operating system essentials - title: Operating system essentials
itemType: learn itemType: learn

110
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -18,7 +18,7 @@ ms.localizationpriority: medium
Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx). Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
Surface Hub has been validated with Microsofts first-party MDM providers: Surface Hub has been validated with Microsoft's first-party MDM providers:
- Microsoft Intune standalone - Microsoft Intune standalone
- On-premises MDM with Microsoft Endpoint Configuration Manager - On-premises MDM with Microsoft Endpoint Configuration Manager
@ -65,25 +65,25 @@ For more information, see [SurfaceHub configuration service provider](https://ms
| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | | Maintenance hours | MaintenanceHoursSimple/Hours/StartTime <br> MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | | Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | | Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID <br> MOMAgent/WorkspaceKey | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager | Yes |
| Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Friendly name for wireless projection | Properties/FriendlyName | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | | Device account, including password rotation | DeviceAccount/*`<name_of_policy>`* <br> See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set default volume | Properties/DefaultVolume | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set screen timeout | Properties/ScreenTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set session timeout | Properties/SessionTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set sleep timeout | Properties/SleepTimeout | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes </br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -97,12 +97,12 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. <br> . | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. <br> | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -110,15 +110,15 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -126,13 +126,13 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -140,7 +140,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*`<name of policy>`* <br> See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes | | Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -150,8 +150,8 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes | | Reboot the device immediately | Use in conjunction with OMS to minimize support costs see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent <br> See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -180,7 +180,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -188,7 +188,7 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
@ -196,12 +196,12 @@ The following tables include info on Windows 10 settings that have been validate
| Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? | | Setting | Details | CSP reference | Supported with<br>Intune? | Supported with<br>Configuration Manager? | Supported with<br>SyncML\*? |
|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| |----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-intune) | Yes.<br> [Use a custom setting.](#example-sccm) | Yes | | Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes <br> [Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.<br> [Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes |
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. \*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Generate OMA URIs for settings ### Generate OMA URIs for settings
You need to use a settings OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager. You need to use a setting's OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
**To generate the OMA URI for any setting in the CSP documentation** **To generate the OMA URI for any setting in the CSP documentation**
1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br> 1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/<name of CSP>` <br>
@ -217,15 +217,13 @@ The data type is also stated in the CSP documentation. The most common data type
- bool (Boolean) - bool (Boolean)
<span id="example-intune">
## Example: Manage Surface Hub settings with Microsoft Intune ## Example: Manage Surface Hub settings with Microsoft Intune
You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**. You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**.
<span id="example-sccm"> ## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs. Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
> [!NOTE] > [!NOTE]
@ -238,26 +236,26 @@ Configuration Manager supports managing modern devices that do not require the C
3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item. 3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item.
4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**. 4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**.
![example of UI](images/sccm-create.png) ![example of UI](images/configmgr-create.png)
5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**. 5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**.
![select platform](images/sccm-platform.png) ![select platform](images/configmgr-platform.png)
7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**. 7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**.
8. On the **Windows 10 Team** page, configure the settings you require. 8. On the **Windows 10 Team** page, configure the settings you require.
![Windows 10 Team](images/sccm-team.png) ![Windows 10 Team](images/configmgr-team.png)
9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**. 9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**.
![additional settings](images/sccm-additional.png) ![additional settings](images/configmgr-additional.png)
10. On the **Additional Settings** page, click **Add**. 10. On the **Additional Settings** page, click **Add**.
11. In the **Browse Settings** dialog, click **Create Setting**. 11. In the **Browse Settings** dialog, click **Create Setting**.
12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting. 12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting.
13. Under **Setting type**, select **OMA URI**. 13. Under **Setting type**, select **OMA URI**.
14. Complete the form to create a new setting, and then click **OK**. 14. Complete the form to create a new setting, and then click **OK**.
![OMA URI setting](images/sccm-oma-uri.png) ![OMA URI setting](images/configmgr-oma-uri.png)
15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**. 15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**.
16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**. 16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**.
17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item. 17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item.

20
devices/surface/index.yml
View File

@ -24,17 +24,18 @@ additionalContent:
- title: For IT Professionals # < 60 chars (optional) - title: For IT Professionals # < 60 chars (optional)
items: items:
# Card # Card
- title: Surface devices - title: Surface devices documentation
summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
url: https://docs.microsoft.com/en-us/surface/get-started url: https://docs.microsoft.com/en-us/surface/get-started
# Card # Card
- title: Surface Hub - title: Surface Hub documentation
summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Learn how to plan, deploy, manage, and support your Surface Hub devices. summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device.
url: https://docs.microsoft.com/surface-hub/index url: https://docs.microsoft.com/surface-hub/index
# Card # Card
- title: Surface for Business - title: Surface Hub adoption guidance
summary: Explore how Surface devices are transforming the modern workplace with people-centric design and flexible form factors, helping you get the most out of AI, big data, the cloud, and other foundational technologies. summary: Get best practices for technical readiness and adoption across your lines of business.
url: https://www.microsoft.com/surface/business url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
- title: Other resources # < 60 chars (optional) - title: Other resources # < 60 chars (optional)
items: items:
# Card # Card
@ -51,8 +52,7 @@ additionalContent:
url: https://docs.microsoft.com/learn/browse/?term=Surface url: https://docs.microsoft.com/learn/browse/?term=Surface
- text: Microsoft Mechanics Surface videos - text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
- text: Surface Hub 2S adoption and training
url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
# Card # Card
- title: Need help? - title: Need help?
links: links:
@ -60,3 +60,5 @@ additionalContent:
url: https://support.microsoft.com/products/surface-devices url: https://support.microsoft.com/products/surface-devices
- text: Surface Hub - text: Surface Hub
url: https://support.microsoft.com/hub/4343507/surface-hub-help url: https://support.microsoft.com/hub/4343507/surface-hub-help
- text: Contact Surface Hub Support
url: https://support.microsoft.com/supportforbusiness/productselection?sapId=bb7066fb-e329-c1c0-9c13-8e9949c6a64e

2
devices/surface/surface-diagnostic-toolkit-for-business-intro.md
View File

@ -29,7 +29,7 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
**To run the Surface Diagnostic Toolkit for Business:** **To run the Surface Diagnostic Toolkit for Business:**
1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B). 1. Download the Surface Diagnostic Toolkit for Business. To do this, go to the [**Surface Tools for IT** download page](https://www.microsoft.com/download/details.aspx?id=46703), choose **Download**, select **Surface Diagnostic Toolkit for Business** from the provided list, and choose **Next**.
2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business). 2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.

1
devices/surface/surface-system-sku-reference.md
View File

@ -39,6 +39,7 @@ System Model and System SKU are variables that are stored in the System Manageme
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial | | Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer | | Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial | | Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop | Surface Laptop | Surface_Laptop |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer | | Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial | | Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 | | Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |

8
windows/client-management/generate-kernel-or-complete-crash-dump.md
View File

@ -9,7 +9,7 @@ ms.localizationpriority: medium
ms.author: delhan ms.author: delhan
ms.date: 8/28/2019 ms.date: 8/28/2019
ms.reviewer: ms.reviewer:
manager: dcscontentpm manager: willchen
--- ---
# Generate a kernel or complete crash dump # Generate a kernel or complete crash dump
@ -61,7 +61,7 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
2. Select **Start**, and then select **Command Prompt**. 2. Select **Start**, and then select **Command Prompt**.
3. At the command line, run the following command: 3. At the command line, run the following command:
```cmd ```console
notMyfault.exe /crash notMyfault.exe /crash
``` ```
@ -80,6 +80,7 @@ To do this, follow these steps:
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
1. In Registry Editor, locate the following registry subkey: 1. In Registry Editor, locate the following registry subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl** **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**. 2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
@ -101,6 +102,8 @@ To do this, follow these steps:
9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction. 9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](https://docs.microsoft.com/azure/virtual-machines/linux/serial-console-nmi-sysrq).
### Use the keyboard ### Use the keyboard
[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard) [Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
@ -108,4 +111,3 @@ To do this, follow these steps:
### Use Debugger ### Use Debugger
[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger) [Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)

42
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -9,7 +9,6 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: lomayor author: lomayor
ms.date: 09/05/2017
--- ---
# Azure Active Directory integration with MDM # Azure Active Directory integration with MDM
@ -37,7 +36,8 @@ Windows 10 introduces a new way to configure and deploy corporate owned Windows
Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD. Azure AD Join also enables company owned devices to be automatically enrolled in, and managed by an MDM. Furthermore, Azure AD Join can be performed on a store-bought PC, in the out-of-box experience (OOBE), which helps organizations streamline their device deployment. An administrator can require that users belonging to one or more groups enroll their devices for management with an MDM. If a user is configured to require automatic enrollment during Azure AD Join, this enrollment becomes a mandatory step to configure Windows. If the MDM enrollment fails, then the device will not be joined to Azure AD.
> **Important**  Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](https://msdn.microsoft.com/library/azure/dn499825.aspx) license. > [!IMPORTANT]
> Every user enabled for automatic MDM enrollment with Azure AD Join must be assigned a valid [Azure Active Directory Premium](https://msdn.microsoft.com/library/azure/dn499825.aspx) license.
### BYOD scenario ### BYOD scenario
@ -60,7 +60,8 @@ For Azure AD enrollment to work for an Active Directory Federated Services (AD F
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar. Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar.
> **Note**  Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account. > [!NOTE]
> Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
### MDM endpoints involved in Azure AD integrated enrollment ### MDM endpoints involved in Azure AD integrated enrollment
@ -80,7 +81,7 @@ To support Azure AD enrollment, MDM vendors must host and expose a Terms of Use
<a href="" id="terms-of-use-endpoint-"></a>**Terms of Use endpoint** <a href="" id="terms-of-use-endpoint-"></a>**Terms of Use endpoint**
Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting users consent before the actual enrollment phase begins. Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting users consent before the actual enrollment phase begins.
Its important to understand that the Terms of Use flow is a "black box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g. users in certain geographies may be subject to stricter device management policies). Its important to understand that the Terms of Use flow is a "black box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL, and the user is expected to be redirected back after approving (or in some cases rejecting) the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios (e.g., different levels of control are applied on BYOD vs. company-owned devices) or implement user/group based targeting (e.g., users in certain geographies may be subject to stricter device management policies).
The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. Its not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD. The Terms of Use endpoint can be used to implement additional business logic, such as collecting a one-time PIN provided by IT to control device enrollment. However, MDM vendors must not use the Terms of Use flow to collect user credentials, which could lead to a highly degraded user experience. Its not needed, since part of the MDM integration ensures that the MDM service can understand tokens issued by Azure AD.
@ -103,7 +104,8 @@ A cloud-based MDM is a SaaS application that provides device management capabili
The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661). The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661).
> **Note**  For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. > [!NOTE]
> For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal.
The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs. The keys used by the MDM application to request access tokens from Azure AD are managed within the tenant of the MDM vendor and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, regardless of the customer tenent to which the device being managed belongs.
@ -136,7 +138,7 @@ For more information about how to register a sample application with Azure AD, s
An on-premises MDM application is inherently different that a cloud MDM. It is a single-tenant application that is present uniquely within the tenant of the customer. Therefore, customers must add the application directly within their own tenant. Additionally, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD. An on-premises MDM application is inherently different that a cloud MDM. It is a single-tenant application that is present uniquely within the tenant of the customer. Therefore, customers must add the application directly within their own tenant. Additionally, each instance of an on-premises MDM application must be registered separately and has a separate key for authentication with Azure AD.
The customer experience for adding an on-premises MDM to their tenant is similar to that as the cloud-based MDM. There is an entry in the Azure AD app gallery to add an on-premises MDN to the tenant and administrators can configure the required URLs for enrollment and Terms of Use. To add an on-premises MDM application to the tenant, there is an entry under the Azure AD service, specifically under **Mobility (MDM and MAM)** > **Add application**. Administrators can configure the required URLs for enrollment and Terms of Use.
Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance. Your on-premises MDM product must expose a configuration experience where administrators can provide the client ID, app ID, and the key configured in their directory for that MDM application. You can use this client ID and key to request tokens from Azure AD when reporting device compliance.
@ -236,7 +238,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
<thead> <thead>
<tr class="header"> <tr class="header">
<th>CXH-HOST (HTTP HEADER)</th> <th>CXH-HOST (HTTP HEADER)</th>
<th>Senario</th> <th>Scenario</th>
<th>Background Theme</th> <th>Background Theme</th>
<th>WinJS</th> <th>WinJS</th>
<th>Scenario CSS</th> <th>Scenario CSS</th>
@ -343,14 +345,14 @@ The following claims are expected in the access token passed by Windows to the T
</tbody> </tbody>
</table> </table>
&gt; <strong>Note</strong> There is no device ID claim in the access token because the device may not yet be enrolled at this time. > [!NOTE]
> There is no device ID claim in the access token because the device may not yet be enrolled at this time.
To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654). To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654).
Here's an example URL. Here's an example URL.
``` syntax ```console
https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm/ToUResponse&client-request-id=34be581c-6ebd-49d6-a4e1-150eff4b7213&api-version=1.0 https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm/ToUResponse&client-request-id=34be581c-6ebd-49d6-a4e1-150eff4b7213&api-version=1.0
Authorization: Bearer eyJ0eXAiOi Authorization: Bearer eyJ0eXAiOi
``` ```
@ -390,7 +392,7 @@ If an error was encountered during the terms of use processing, the MDM can retu
Here is the URL format: Here is the URL format:
``` syntax ```console
HTTP/1.1 302 HTTP/1.1 302
Location: Location:
<redirect_uri>?error=access_denied&error_description=Access%20is%20denied%2E <redirect_uri>?error=access_denied&error_description=Access%20is%20denied%2E
@ -426,7 +428,7 @@ The following table shows the error codes.
<td style="vertical-align:top"><p>unsupported version</p></td> <td style="vertical-align:top"><p>unsupported version</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td style="vertical-align:top"><p>Tenant or user data are missingor other required prerequisites for device enrollment are not met</p></td> <td style="vertical-align:top"><p>Tenant or user data are missing or other required prerequisites for device enrollment are not met</p></td>
<td style="vertical-align:top"><p>302</p></td> <td style="vertical-align:top"><p>302</p></td>
<td style="vertical-align:top"><p>unauthorized_client</p></td> <td style="vertical-align:top"><p>unauthorized_client</p></td>
<td style="vertical-align:top"><p>unauthorized user or tenant</p></td> <td style="vertical-align:top"><p>unauthorized user or tenant</p></td>
@ -601,7 +603,7 @@ In this scenario, the MDM enrollment applies to a single user who initially adde
<a href="" id="evaluating-azure-ad-user-tokens"></a>**Evaluating Azure AD user tokens** <a href="" id="evaluating-azure-ad-user-tokens"></a>**Evaluating Azure AD user tokens**
The Azure AD token is in the HTTP Authorization header in the following format: The Azure AD token is in the HTTP Authorization header in the following format:
``` syntax ```console
Authorization:Bearer <Azure AD User Token Inserted here> Authorization:Bearer <Azure AD User Token Inserted here>
``` ```
@ -621,7 +623,7 @@ Access token issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is
An alert is sent when the DM session starts and there is an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example: An alert is sent when the DM session starts and there is an Azure AD user logged in. The alert is sent in OMA DM pkg\#1. Here's an example:
``` syntax ```xml
Alert Type: com.microsoft/MDM/AADUserToken Alert Type: com.microsoft/MDM/AADUserToken
Alert sample: Alert sample:
@ -636,7 +638,7 @@ Alert sample:
<Data>UserToken inserted here</Data> <Data>UserToken inserted here</Data>
</Item> </Item>
</Alert> </Alert>
… other xml tags … … other XML tags …
</SyncBody> </SyncBody>
``` ```
@ -665,7 +667,7 @@ Here's an example.
<Data>user</Data> <Data>user</Data>
</Item> </Item>
</Alert> </Alert>
… other xml tags … … other XML tags …
</SyncBody> </SyncBody>
``` ```
@ -682,9 +684,10 @@ For a sample that illustrates how an MDM can obtain an access token using OAuth
The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device currently being managed by it. The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device currently being managed by it.
> **Note**  This is only applicable for approved MDM apps on Windows 10 devices. > [!NOTE]
> This is only applicable for approved MDM apps on Windows 10 devices.
``` syntax ```console
Sample Graph API Request: Sample Graph API Request:
PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1 PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655ca7f52ae1?api-version=beta HTTP/1.1
@ -713,7 +716,7 @@ Response:
When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data. When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
![aadj unenerollment](images/azure-ad-unenrollment.png) ![aadj unenrollment](images/azure-ad-unenrollment.png)
## Error codes ## Error codes
@ -921,4 +924,3 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di

6
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -53,17 +53,17 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID - Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
``` ```
<Data>*S-1-5-32-544&#61440;*S-1-5-11</Data> <Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
``` ```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings - Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
``` ```
<Data>*S-1-5-32-544&#61440;Authenticated Users</Data> <Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
``` ```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings - Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
``` ```
<Data>Authenticated Users&#61440;Administrators</Data> <Data>Authenticated Users&#xF000;Administrators</Data>
``` ```
- Empty input indicates that there are no users configured to have that user right - Empty input indicates that there are no users configured to have that user right

0
windows/configuration/images/sccm-asset.PNG → windows/configuration/images/configmgr-asset.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 91 KiB

0
windows/configuration/images/sccm-assets.PNG → windows/configuration/images/configmgr-assets.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 131 KiB

After

Width:  |  Height:  |  Size: 131 KiB

0
windows/configuration/images/sccm-client.PNG → windows/configuration/images/configmgr-client.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 97 KiB

0
windows/configuration/images/sccm-collection.PNG → windows/configuration/images/configmgr-collection.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 38 KiB

0
windows/configuration/images/sccm-install-os.PNG → windows/configuration/images/configmgr-install-os.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

0
windows/configuration/images/sccm-post-refresh.PNG → windows/configuration/images/configmgr-post-refresh.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 385 KiB

After

Width:  |  Height:  |  Size: 385 KiB

0
windows/configuration/images/sccm-pxe.PNG → windows/configuration/images/configmgr-pxe.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

0
windows/configuration/images/sccm-site.PNG → windows/configuration/images/configmgr-site.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 41 KiB

0
windows/configuration/images/sccm-software-cntr.PNG → windows/configuration/images/configmgr-software-cntr.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 35 KiB

2
windows/deployment/TOC.md
View File

@ -246,6 +246,8 @@
### Monitor Windows Updates ### Monitor Windows Updates
#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) #### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
#### [Get started with Update Compliance](update/update-compliance-get-started.md) #### [Get started with Update Compliance](update/update-compliance-get-started.md)
##### [Update Compliance Configuration Script](update/update-compliance-configuration-script.md)
##### [Manually Configuring Devices for Update Compliance](update/update-compliance-configuration-manual.md)
#### [Use Update Compliance](update/update-compliance-using.md) #### [Use Update Compliance](update/update-compliance-using.md)
##### [Need Attention! report](update/update-compliance-need-attention.md) ##### [Need Attention! report](update/update-compliance-need-attention.md)
##### [Security Update Status report](update/update-compliance-security-update-status.md) ##### [Security Update Status report](update/update-compliance-security-update-status.md)

0
windows/deployment/images/sccm-asset.PNG → windows/deployment/images/configmgr-asset.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 91 KiB

0
windows/deployment/images/sccm-assets.PNG → windows/deployment/images/configmgr-assets.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 141 KiB

After

Width:  |  Height:  |  Size: 141 KiB

0
windows/deployment/images/sccm-client.PNG → windows/deployment/images/configmgr-client.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 97 KiB

After

Width:  |  Height:  |  Size: 97 KiB

0
windows/deployment/images/sccm-collection.PNG → windows/deployment/images/configmgr-collection.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 38 KiB

0
windows/deployment/images/sccm-install-os.PNG → windows/deployment/images/configmgr-install-os.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 71 KiB

0
windows/deployment/images/sccm-post-refresh.PNG → windows/deployment/images/configmgr-post-refresh.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 385 KiB

After

Width:  |  Height:  |  Size: 385 KiB

0
windows/deployment/images/sccm-pxe.PNG → windows/deployment/images/configmgr-pxe.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 32 KiB

0
windows/deployment/images/sccm-site.PNG → windows/deployment/images/configmgr-site.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 41 KiB

After

Width:  |  Height:  |  Size: 41 KiB

0
windows/deployment/images/sccm-software-cntr.PNG → windows/deployment/images/configmgr-software-cntr.PNG
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 35 KiB

6
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -21,7 +21,8 @@ The features described below are no longer being actively developed, and might b
**The following list is subject to change and might not include every affected feature or functionality.** **The following list is subject to change and might not include every affected feature or functionality.**
>If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). > [!NOTE]
> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
|Feature | Details and mitigation | Announced in version | |Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- | | ----------- | --------------------- | ---- |
@ -47,7 +48,6 @@ The features described below are no longer being actively developed, and might b
|Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**<br>&nbsp;<br>The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 | |Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**<br>&nbsp;<br>The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 |
|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 | |IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 |
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 | |IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 | |RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | |Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 | |Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 |
@ -63,4 +63,4 @@ The features described below are no longer being actively developed, and might b
|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 | |IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quite switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.| |wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|

7
windows/deployment/planning/windows-10-removed-features.md
View File

@ -18,7 +18,7 @@ ms.topic: article
Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.** Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.**
For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md) For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md).
> [!NOTE] > [!NOTE]
> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. > Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
@ -50,12 +50,13 @@ The following features and functionalities have been removed from the installed
|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 | |Reading List | Functionality to be integrated into Microsoft Edge. | 1709 |
|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | |Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 | |Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 |
|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 | |TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 |
|Tile Data Layer |To be replaced by the Tile Store.| 1709 | |Tile Data Layer |To be replaced by the Tile Store.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 | |Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 |
|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 | |By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 |
|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 | |Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 |
|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 | |Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 | |NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 | |Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 | |WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |

BIN
windows/deployment/update/images/UC-vid-crop.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 37 KiB

BIN
windows/deployment/update/images/UC_00_marketplace_search.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 171 KiB

BIN
windows/deployment/update/images/UC_01_marketplace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 280 KiB

BIN
windows/deployment/update/images/UC_02_workspace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 123 KiB

BIN
windows/deployment/update/images/UC_03_workspace_select.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 92 KiB

BIN
windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 130 KiB

BIN
windows/deployment/update/images/UC_commercialID.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/UC_commercialID_GP.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 83 KiB

BIN
windows/deployment/update/images/UC_telemetrylevel.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 86 KiB

BIN
windows/deployment/update/images/UC_workspace_WDAV_status.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-01-wdav.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 642 KiB

BIN
windows/deployment/update/images/uc-02a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.3 KiB

BIN
windows/deployment/update/images/uc-03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 796 KiB

BIN
windows/deployment/update/images/uc-03a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 150 KiB

BIN
windows/deployment/update/images/uc-04a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 50 KiB

BIN
windows/deployment/update/images/uc-05.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 135 KiB

BIN
windows/deployment/update/images/uc-05a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 30 KiB

BIN
windows/deployment/update/images/uc-06.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 110 KiB

BIN
windows/deployment/update/images/uc-06a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
windows/deployment/update/images/uc-07.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/deployment/update/images/uc-07a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/uc-08.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 345 KiB

BIN
windows/deployment/update/images/uc-08a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-09.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
windows/deployment/update/images/uc-09a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-10.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 157 KiB

BIN
windows/deployment/update/images/uc-10a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-11.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-12.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-13.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-14.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 76 KiB

BIN
windows/deployment/update/images/uc-15.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 23 KiB

BIN
windows/deployment/update/images/uc-16.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
windows/deployment/update/images/uc-17.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-18.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deployment/update/images/uc-19.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
windows/deployment/update/images/uc-20.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/deployment/update/images/uc-21.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-22.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deployment/update/images/uc-23.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
windows/deployment/update/images/uc-24.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

BIN
windows/deployment/update/images/uc-25.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
windows/deployment/update/images/uc-DO-status.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 71 KiB

BIN
windows/deployment/update/images/uc-emptyworkspacetile.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/update/images/uc-featureupdatestatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 70 KiB

BIN
windows/deployment/update/images/uc-filledworkspacetile.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.7 KiB

BIN
windows/deployment/update/images/uc-filledworkspaceview.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 103 KiB

BIN
windows/deployment/update/images/uc-needattentionoverview.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 73 KiB

BIN
windows/deployment/update/images/uc-overviewblade.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 35 KiB

BIN
windows/deployment/update/images/uc-perspectiveupdatedeploymentstatus.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 203 KiB

BIN
windows/deployment/update/images/uc-securityupdatestatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 46 KiB

BIN
windows/deployment/update/images/uc-windowsdefenderavstatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 48 KiB

77
windows/deployment/update/update-compliance-configuration-manual.md Normal file
View File

@ -0,0 +1,77 @@
---
title: Manually configuring devices for Update Compliance
ms.reviewer:
manager: laurawi
description: Manually configuring devices for Update Compliance
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
author: jaimeo
ms.author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Manually Configuring Devices for Update Compliance
There are a number of requirements to consider when manually configuring Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations.
3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
## Required policies
> [!NOTE]
> Windows 10 MDM and Group Policies are backed by registry keys. It is not recommended you set these registry keys directly for configuration as it can lead to unexpected behavior, so the exact registry key locations are not provided, though they are referenced for troubleshooting configuration issues with the [Update Compliance Configuration Script](update-compliance-configuration-script.md).
Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
- **Policy** corresponds to the location and name of the policy.
- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) telemetry, but can function off Enhanced or Full (or Optional).
- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any.
### Mobile Device Management policies
Each MDM Policy links to its documentation in the CSP hierarchy, providing its exact location in the hierarchy and more details.
| Policy | Value | Function |
|---------------------------|-|------------------------------------------------------------|
|**Provider/*ProviderID*/**[**CommercialID**](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |1- Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | Disable Telemetry opt-in Settings | (*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
### Group Policies
All Group Policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.
| Policy | Value | Function |
|---------------------------|-|-----------------------------------------------------------|
|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**Configure telemetry opt-in setting user interface** | Disable telemetry opt-in Settings |(*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
## Required endpoints
To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. Census.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
| `http://adl.windows.com` | Required for Windows Update functionality. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. This also requires Microsoft Account Sign-in Assistant service to be running (wlidsvc). |
## Required services
Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.

99
windows/deployment/update/update-compliance-configuration-script.md Normal file
View File

@ -0,0 +1,99 @@
---
title: Update Compliance Configuration Script
ms.reviewer:
manager: laurawi
description: Downloading and using the Update Compliance Configuration Script
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
author: jaimeo
ms.author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Configuring devices through the Update Compliance Configuration Script
The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more.
You can [**download the script here**](https://github.com/cinglis-msft/UpdateComplianceConfigurationScript). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
## How the script is organized
The script is organized into two folders **Pilot** and **Deployment**. Both folders have the same key files: `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the .bat itself, which will then execute `ConfigScript.ps1` with the parameters entered to RunConfig.bat.
- The **Pilot** folder and its contents are intended to be used on an initial set of single devices in specific environments (main office & satellite office, for example) for testing and troubleshooting prior to broader deployment. This script is configured to collect and output detailed logs for every device it runs on.
- The **Deployment** folder is intended to be deployed across an entire device population in a specific environment once devices in that environment have been validated with the Pilot script.
## How to use the script
### Piloting and Troubleshooting
> [!IMPORTANT]
> If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support.
When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows:
1. Configure `logPath` to a path where the script will have write access and a place you can easily access. This specifies the output of the log files generated when the script is in Verbose mode.
2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid).
3. Run the script. The script must be run in System context.
4. Examine the Logs output for any issues. If there were issues:
- Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md).
- Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes.
- Make the necessary corrections and run the script again.
5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder.
### Broad deployment
After verifying on a set of devices in a specific environment that everything is configured correctly, you can proceed to broad deployment.
1. Configure `commercialIDValue` in `RunConfig.bat` to [your CommercialID](update-compliance-get-started.md#get-your-commercialid).
2. Use a management tool like Configuration Manager or Intune to broadly deploy the script to your entire target population.
## Script Error Reference
|Error |Description |
|-|-------------------|
| 27 | Not system account. |
| 37 | Unexpected exception when collecting logs|
| 1 | General unexpected error|
| 6 | Invalid CommercialID|
| 48 | CommercialID is not a GUID|
| 8 | Couldn't create registry key path to setup CommercialID|
| 9 | Couldn't write CommercialID at registry key path|
| 53 | There are conflicting CommercialID values.|
| 11 | Unexpected result when setting up CommercialID.|
| 62 | AllowTelemetry registry key is not of the correct type `REG_DWORD`|
| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
| 64 | AllowTelemetry is not of the correct type `REG_DWORD`.|
| 99 | Device is not Windows 10.|
| 40 | Unexpected exception when checking and setting telemetry.|
| 12 | CheckVortexConnectivity failed, check Log output for more information.|
| 12 | Unexpected failure when running CheckVortexConnectivity.|
| 66 | Failed to verify UTC connectivity and recent uploads.|
| 67 | Unexpected failure when verifying UTC CSP connectivity of the WMI Bridge.|
| 41 | Unable to impersonate logged-on user.|
| 42 | Unexpected exception when attempting to impersonate logged-on user.|
| 43 | Unexpected exception when attempting to impersonate logged-on user.|
| 16 | Reboot is pending on device, restart device and restart script.|
| 17 | Unexpected exception in CheckRebootRequired.|
| 44 | Error when running CheckDiagTrack service.|
| 45 | DiagTrack.dll not found.|
| 50 | DiagTrack service not running.|
| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
| 55 | Failed to create new registry path for `SetDeviceNameOptIn` of the PowerShell script.|
| 56 | Failed to create property for `SetDeviceNameOptIn` of the PowerShell script at registry path.|
| 57 | Failed to update value for `SetDeviceNameOptIn` of the PowerShell script.|
| 58 | Unexpected exception in `SetDeviceNameOptIn` of the PowerShell script.|
| 59 | Failed to delete `LastPersistedEventTimeOrFirstBoot` property at registry path when attempting to clean up OneSettings.|
| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
| 61 | Unexpected exception when attempting to clean up OneSettings.|
| 52 | Could not find Census.exe|
| 51 | Unexpected exception when attempting to run Census.exe|
| 34 | Unexpected exception when attempting to check Proxy settings.|
| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
| 35 | Unexpected exception when checking User Proxy.|

Some files were not shown because too many files have changed in this diff Show More