mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 09:17:25 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into jdsb
This commit is contained in:
Jeanie Decker
commit
fa6a01545a
@ -11,11 +11,6 @@
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "browsers/edge/emie-to-improve-compatibility.md",
|
||||
"redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/deployment/update/windows-update-sources.md",
|
||||
"redirect_url": "/windows/deployment/update/how-windows-update-works",
|
||||
"redirect_document_id": true
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
## [System requirements and supported languages](about-microsoft-edge.md)
|
||||
|
||||
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
|
||||
|
||||
## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
|
||||
|
||||
## [Group policies & configuration options](group-policies/index.yml)
|
||||
|
||||
@ -35,11 +35,14 @@ Some of the components might also need additional system resources. Check the co
|
||||
| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
|
||||
| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
|
||||
| Peripherals | Internet connection and a compatible pointing device |
|
||||
|
||||
---
|
||||
|
||||
|
||||
## Supported languages
|
||||
|
||||
You can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) with Microsoft Edge to translate foreign language webpages and text selections for 60+ languages.
|
||||
|
||||
If the extension does not work after install, please restart Microsoft Edge. If the extension still is not working, please provide feedback through the Feedback Hub.
|
||||
|
||||
Microsoft Edge supports all of the same languages as Windows 10, including:
|
||||
|
||||
|
||||
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
@ -0,0 +1,60 @@
|
||||
---
|
||||
description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
|
||||
ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
|
||||
author: shortpatti
|
||||
ms.author: pashort
|
||||
ms.manager: dougkim
|
||||
ms.prod: browser-edge
|
||||
ms.mktglfcycl: support
|
||||
ms.sitesec: library
|
||||
ms.pagetype: appcompat
|
||||
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
|
||||
ms.localizationpriority: high
|
||||
ms.date: 10/09/2018
|
||||
---
|
||||
|
||||
# Use Enterprise Mode to improve compatibility
|
||||
|
||||
> Applies to: Windows 10
|
||||
|
||||
If you have specific web sites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy.
|
||||
|
||||
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
|
||||
|
||||
|
||||
[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)]
|
||||
|
||||
## Enterprise guidance
|
||||
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
|
||||
|
||||
We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
|
||||
|
||||
If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization.
|
||||
|
||||
<br>
|
||||
[Click to enlarge](img-microsoft-edge-infographic-lg.md)<br>
|
||||
[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
|
||||
|
||||
|
||||
|Microsoft Edge |IE11 |
|
||||
|---------|---------|
|
||||
|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.<ul><li>**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.</li><li>**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.</li><li>**Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.</li><li>**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.</li></ul> |IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.<ul><li>**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.</li><li>**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.</li><li>**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.</li><li>**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.</li><li>**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.</li><li>**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.</li></ul> |
|
||||
|
||||
|
||||
## Configure the Enterprise Mode Site List
|
||||
[Available policy options](includes/configure-enterprise-mode-site-list-include.md)
|
||||
|
||||
|
||||
## Related topics
|
||||
* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
|
||||
* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
|
||||
* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
|
||||
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
||||
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
||||
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager)
|
||||
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
|
||||
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
|
||||
- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
|
||||
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
|
||||
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
|
||||
- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
|
||||
@ -202,7 +202,7 @@ sections:
|
||||
|
||||
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp
|
||||
|
||||
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the the Sync your Settings toggle.</p>
|
||||
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.</p>
|
||||
|
||||
image:
|
||||
|
||||
|
||||
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
description: A full-sized view of the Microsoft Edge infographic.
|
||||
title: Full-sized view of the Microsoft Edge infographic
|
||||
ms.date: 11/10/2016
|
||||
---
|
||||
|
||||
Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)<br>
|
||||
Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
|
||||
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.prod: edge
|
||||
ms.sitesec: library
|
||||
title: Deploy Microsoft Edge kiosk mode
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Deploy Microsoft Edge kiosk mode
|
||||
@ -20,7 +20,7 @@ Microsoft Edge kiosk mode supports four configurations types. For example, you c
|
||||
|
||||
In addition to digital/interactive signage, you can configure Microsoft Edge kiosk mode for public browsing either on a single or multi-app kiosk device. The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge.
|
||||
|
||||
In single-app public browsing, there is an “End session” button and reset after an idle timeout. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
||||
In single-app public browsing, there is an “End session” button and reset after an idle timeout option. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
||||
|
||||
In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
|
||||
|
||||
@ -40,7 +40,7 @@ The single-app Microsoft Edge kiosk mode types are:
|
||||
|
||||
- **Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet. Use interactive signage for things like a building business directory or restaurant order/pay station.
|
||||
|
||||
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads. Use the “Configure kiosk reset after idle timeout” policy to set the idle timer, which is set to 5 minutes by default.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
||||
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
||||
|
||||
|
||||
|
||||
@ -66,22 +66,21 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
|
||||
|
||||
- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can setup Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) expereince and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout.
|
||||
|
||||
IMPORTANT: Do not use the Windows 10 Settings to configure multi-app kiosks.
|
||||
>[!IMPORTANT]
|
||||
>Do not use the Windows 10 Settings to configure multi-app kiosks.
|
||||
|
||||
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode]().
|
||||
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
|
||||
|
||||
>[!NOTE]
|
||||
>For other MDM service, check with your provider for instructions.
|
||||
|
||||
- **Windows PowerShell.** Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see [Set up a kiosk or digital sign using Windows PowerShell](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-using-windows-powershell).
|
||||
|
||||
- **Windows Configuration Designer.** Best for setting up multiple kiosk devices. Download and install both the latest version of the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and [Windows Configuration Manager](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd#install-windows-configuration-designer-1).
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
|
||||
|
||||
- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
||||
- Configuration and deployment service, such as Microsoft Intune or other MDM service. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
||||
|
||||
|
||||
### Use Windows Settings
|
||||
@ -124,7 +123,7 @@ When you set up a single-app kiosk device using Windows Settings, you must first
|
||||
|
||||
11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration.
|
||||
|
||||
*Congratulations!* You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
||||
**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
||||
|
||||
**_Next steps._**
|
||||
|
||||
@ -141,60 +140,25 @@ With this method, you can use Microsoft Intune or other MDM services to configur
|
||||
>[!IMPORTANT]
|
||||
>If you are using a local account as a kiosk account in Microsoft Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
||||
|
||||
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
||||
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
||||
|
||||
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
||||
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
||||
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
---
|
||||
<br>
|
||||
|
||||
|
||||
**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
|
||||
|
||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
||||
|
||||
### Use a provisioning package
|
||||
|
||||
With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
|
||||
|
||||
>[!IMPORTANT]
|
||||
>If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
||||
|
||||
1. Open Windows Configuration Designer and select **Provision Kiosk devices**.
|
||||
|
||||
2. Name your project, and click **Next**.
|
||||
|
||||
3. [Set up a kiosk](https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#set-up-a-kiosk-using-the-kiosk-wizard-in-windows-configuration-designer).
|
||||
|
||||
4. Switch to the advanced editor and navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
|
||||
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
---
|
||||
|
||||
5. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to [build the package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
|
||||
|
||||
6. Click **Finish**.<p>The wizard closes and takes you back to the Customizations page.
|
||||
|
||||
7. [Apply the provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package) to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime).
|
||||
|
||||
**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
|
||||
|
||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
||||
|
||||
---
|
||||
|
||||
## Microsoft Edge kiosk mode policies
|
||||
@ -213,69 +177,69 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
||||
|
||||
| **MDM Setting** | **Digital /<br>Interactive signage** | **Public browsing<br>single-app** | **Public browsing<br>multi-app** | **Normal<br>mode** |
|
||||
|------------------|:---------:|:---------:|:---------:|:---------:|
|
||||
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
||||
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
||||
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
||||
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
||||
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
||||
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
||||
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
||||
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
||||
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
||||
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
||||
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
||||
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
||||
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
||||
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
||||
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
||||
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
||||
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
||||
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
||||
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
||||
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
||||
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
||||
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
||||
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
||||
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
||||
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
||||
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
||||
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
||||
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
||||
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
||||
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
||||
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
||||
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
||||
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
||||
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
||||
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
||||
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
||||
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
||||
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
||||
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
||||
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
||||
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
||||
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
||||
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
||||
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
||||
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
||||
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
||||
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
||||
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
||||
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
||||
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
||||
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
||||
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
||||
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
||||
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
||||
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
||||
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
||||
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
||||
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
||||
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
||||
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
||||
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
||||
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
||||
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
||||
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
||||
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
||||
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
||||
| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
||||
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
||||
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
||||
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
||||
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
||||
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
||||
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
||||
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
||||
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
||||
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
||||
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
||||
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
||||
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
||||
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
||||
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
||||
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
||||
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
||||
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
||||
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
||||
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
||||
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
||||
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
||||
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
||||
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
||||
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
||||
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
||||
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
||||
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
||||
---
|
||||
|
||||
*\* New policy as of Windows 10, version 1809.*<p>
|
||||
*1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
|
||||
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
||||
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
||||
|
||||
**Legend:**<p>
|
||||
 = Not applicable or not supported <br>
|
||||
@ -301,7 +265,6 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
||||
|
||||
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
|
||||
|
||||
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
|
||||
|
||||
---
|
||||
|
||||
@ -316,19 +279,20 @@ To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Micro
|
||||
## Feature comparison of kiosk mode and kiosk browser app
|
||||
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
|
||||
|
||||
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
||||
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
||||
|---------------|:----------------:|:---------------:|
|
||||
| Print support |  |  |
|
||||
| Multi-tab support |  |  |
|
||||
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Configure Home Button |  |  |
|
||||
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
||||
| Set New Tab page URL |  |  |
|
||||
| Favorites management |  |  |
|
||||
| End session button |  | <p>*In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
||||
| Multi-tab support |  |  |
|
||||
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Configure Home Button |  |  |
|
||||
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
||||
| Set New Tab page URL |  |  |
|
||||
| Favorites management |  |  |
|
||||
| End session button |  | <p>*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
||||
| Reset on inactivity |  |  |
|
||||
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
||||
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
||||
| Available in Microsoft Store |  |  |
|
||||
---
|
||||
|
||||
**\*Windows Defender Firewall**<p>
|
||||
|
||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.0 client configuration.
|
||||
|
||||
`$config = Get-AppvClientConfiguration`
|
||||
|
||||
`Set-AppcClientConfiguration $config`
|
||||
`Set-AppvClientConfiguration $config`
|
||||
|
||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
||||
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||
|
||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||
|
||||
|
||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.1 client configuration.
|
||||
|
||||
`$config = Get-AppvClientConfiguration`
|
||||
|
||||
`Set-AppcClientConfiguration $config`
|
||||
`Set-AppvClientConfiguration $config`
|
||||
|
||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
||||
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||
|
||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C
|
||||
|
||||
To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**.
|
||||
|
||||
5. Use the Configuration Manager console to confirm that that the following new configuration items are displayed:
|
||||
5. Use the Configuration Manager console to confirm that the following new configuration items are displayed:
|
||||
|
||||
- BitLocker Fixed Data Drives Protection
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ The following image shows the ClientCertificateInstall configuration service pro
|
||||
<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
|
||||
|
||||
<a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-pfxcertpasswordencryptiontype"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
|
||||
<p style="margin-left: 20px">Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
||||
<p style="margin-left: 20px">Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
||||
|
||||
<p style="margin-left: 20px">The data type is int. Valid values:
|
||||
|
||||
|
||||
@ -2744,11 +2744,15 @@ The following list shows the configuration service providers supported in Window
|
||||
- [DMAcc CSP](dmacc-csp.md)
|
||||
- [DMClient CSP](dmclient-csp.md)
|
||||
- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
|
||||
- [HealthAttestation CSP](healthattestation-csp.md)
|
||||
- [Policy CSP](policy-configuration-service-provider.md)
|
||||
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
|
||||
- [Reboot CSP](reboot-csp.md)
|
||||
- [RemoteWipe CSP](remotewipe-csp.md) 1
|
||||
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
|
||||
- [Update CSP](update-csp.md)
|
||||
- [VPNv2 CSP](vpnv2-csp.md)
|
||||
- [WiFi CSP](wifi-csp.md)
|
||||
|
||||
|
||||
Footnotes:
|
||||
- 1 - Added in Windows 10, version 1809
|
||||
|
||||
@ -1055,7 +1055,7 @@ If you choose to completely wipe a device when lost or when an employee leaves t
|
||||
|
||||
A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system.
|
||||
|
||||
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
||||
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
||||
|
||||
**Settings for personal or corporate device retirement**
|
||||
- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
|
||||
|
||||
@ -6,7 +6,7 @@ keywords: ["group policy", "start menu", "start screen"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: coreyp
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 06/19/2018
|
||||
|
||||
- Windows 10
|
||||
|
||||
> **Looking for consumer information?** See [Customize the Start menu](https://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu)
|
||||
> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu)
|
||||
|
||||
Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Pro, Enterprise, or Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default.
|
||||
|
||||
|
||||
@ -57,7 +57,7 @@ Clicking the header of the Frequently Crashing Devices blade opens a reliability
|
||||
Notice the filters in the left pane; they allow you to filter the crash rate shown to a particular operating system version, device model, or other parameter.
|
||||
|
||||
>[!NOTE]
|
||||
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that that version has a low crash rate.
|
||||
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that the version has a low crash rate.
|
||||
|
||||
>[!TIP]
|
||||
>Once you've applied a filter (for example setting OSVERSION=1607) you will see the query in the text box change to append the filter (for example, with “(OSVERSION=1607)”). To undo the filter, remove that part of the query in the text box and click the search button to the right of the text box to run the adjusted query.”
|
||||
|
||||
@ -53,7 +53,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
|
||||
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
||||
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
||||
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
||||
| `https://login.live.com` | This end-point is required by Device Health to ensure data integrity and provides a more reliable device identity for all Windows Analtyics solutions on Windows 10. Those who wish to disable end-user MSA access should do so by applying [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) rather than blocking this end-point. |
|
||||
| `https://login.live.com` | This end-point is required by Device Health to ensure data integrity and provides a more reliable device identity for all Windows Analytics solutions on Windows 10. Those who wish to disable end-user MSA access should do so by applying [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) rather than blocking this end-point. |
|
||||
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
||||
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.date: 09/26/2018
|
||||
ms.date: 10/10/2018
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
@ -45,7 +45,7 @@ Upgrade Readiness is offered as a *solution* which you link to a new or existing
|
||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||
|
||||
>[!NOTE]
|
||||
> Upgrade Readiness is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
||||
> Upgrade Readiness is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
||||
|
||||
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 07/13/18
|
||||
---
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 08/22/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -334,7 +334,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -670,7 +670,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -4388,7 +4388,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
|
||||
@ -9,7 +9,7 @@ ms.pagetype: security
|
||||
localizationpriority: high
|
||||
author: brianlic-msft
|
||||
ms.author: brianlic
|
||||
ms.date: 09/10/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
|
||||
@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
|
||||
|
||||
You can learn more about Windows functional and diagnostic data through these articles:
|
||||
|
||||
|
||||
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
|
||||
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
|
||||
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
|
||||
@ -76,9 +77,9 @@ The following fields are available:
|
||||
- **SystemProcessorNx** The count of the number of this particular object type present on this device.
|
||||
- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine.
|
||||
- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine.
|
||||
- **SystemTouch** The count of SystemTouch objects present on this machine.
|
||||
- **SystemTouch** The count of the number of this particular object type present on this device.
|
||||
- **SystemWim** The count of SystemWim objects present on this machine.
|
||||
- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine.
|
||||
- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
|
||||
- **SystemWlan** The count of the number of this particular object type present on this device.
|
||||
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
|
||||
- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
|
||||
@ -358,7 +359,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -705,7 +706,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -1544,14 +1545,14 @@ This event provides information on about security settings used to help keep Win
|
||||
The following fields are available:
|
||||
|
||||
- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
|
||||
- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
|
||||
- **CGRunning** Is Credential Guard running?
|
||||
- **DGState** This field summarizes the Device Guard state.
|
||||
- **HVCIRunning** Is HVCI running?
|
||||
- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
|
||||
- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
|
||||
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
|
||||
- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
|
||||
- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
|
||||
- **SecureBootCapable** Is this device capable of running Secure Boot?
|
||||
- **VBSState** Is virtualization-based security enabled, disabled, or running?
|
||||
|
||||
|
||||
### Census.Speech
|
||||
@ -2956,6 +2957,19 @@ The following fields are available:
|
||||
|
||||
## Sediment events
|
||||
|
||||
### Microsoft.Windows.Sediment.Info.DetailedState
|
||||
|
||||
This event is sent when detailed state information is needed from an update trial run.
|
||||
|
||||
The following fields are available:
|
||||
|
||||
- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
|
||||
- **Id** Identifies the trial being run, such as a disk related trial.
|
||||
- **ReleaseVer** The version of the component.
|
||||
- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
|
||||
- **Time** The time the event was fired.
|
||||
|
||||
|
||||
### Microsoft.Windows.Sediment.OSRSS.UrlState
|
||||
|
||||
This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL.
|
||||
@ -3579,14 +3593,14 @@ The following fields are available:
|
||||
- **BIOSVendor** The vendor of the BIOS.
|
||||
- **BiosVersion** The version of the BIOS.
|
||||
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
|
||||
- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install?
|
||||
- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
|
||||
- **BundleRevisionNumber** Identifies the revision number of the content bundle.
|
||||
- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
|
||||
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
|
||||
- **ClientVersion** The version number of the software distribution client.
|
||||
- **CSIErrorType** The stage of CBS installation where it failed.
|
||||
- **CurrentMobileOperator** Mobile operator that device is currently connected to.
|
||||
- **DeviceModel** What is the device model.
|
||||
- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
|
||||
- **DeviceModel** The device model.
|
||||
- **DriverPingBack** Contains information about the previous driver and system state.
|
||||
- **EventInstanceID** A globally unique identifier for event instance.
|
||||
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
|
||||
@ -3602,21 +3616,21 @@ The following fields are available:
|
||||
- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
|
||||
- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
|
||||
- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
|
||||
- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update?
|
||||
- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process?
|
||||
- **IsFirmware** Is this update a firmware update?
|
||||
- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart?
|
||||
- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
|
||||
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
|
||||
- **IsFirmware** Indicates whether this update is a firmware update.
|
||||
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
|
||||
- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device?
|
||||
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
|
||||
- **MergedUpdate** Was the OS update and a BSP update merged for installation?
|
||||
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
|
||||
- **MsiAction** The stage of MSI installation where it failed.
|
||||
- **MsiProductCode** The unique identifier of the MSI installer.
|
||||
- **PackageFullName** The package name of the content being installed.
|
||||
- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
|
||||
- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
|
||||
- **QualityUpdatePause** Are quality OS updates paused on the device?
|
||||
- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
|
||||
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
|
||||
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
|
||||
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install.
|
||||
- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
|
||||
- **RevisionNumber** The revision number of this specific piece of content.
|
||||
- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
|
||||
- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
|
||||
@ -3626,8 +3640,8 @@ The following fields are available:
|
||||
- **SystemBIOSMinorRelease** Minor version of the BIOS.
|
||||
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
|
||||
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
|
||||
- **TransactionCode** The ID which represents a given MSI installation
|
||||
- **UpdateId** Unique update ID
|
||||
- **TransactionCode** The ID that represents a given MSI installation.
|
||||
- **UpdateId** Unique update ID.
|
||||
- **UpdateID** An identifier associated with the specific piece of content.
|
||||
- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
|
||||
- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
|
||||
@ -3995,7 +4009,7 @@ The following fields are available:
|
||||
- **ScenarioId** Indicates the update scenario.
|
||||
- **SessionId** Unique value for each update attempt.
|
||||
- **SetupMode** Mode of setup to be launched.
|
||||
- **UpdateId** Unique ID for each update.
|
||||
- **UpdateId** Unique ID for each Update.
|
||||
- **UserSession** Indicates whether install was invoked by user actions.
|
||||
|
||||
|
||||
@ -4014,7 +4028,7 @@ The following fields are available:
|
||||
- **CV** Correlation vector.
|
||||
- **DetectorVersion** Most recently run detector version for the current campaign.
|
||||
- **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user.
|
||||
- **key1** Interaction data for the UI
|
||||
- **key1** UI interaction data
|
||||
- **key10** UI interaction data
|
||||
- **key11** UI interaction data
|
||||
- **key12** UI interaction data
|
||||
@ -4025,7 +4039,7 @@ The following fields are available:
|
||||
- **key17** UI interaction data
|
||||
- **key18** UI interaction data
|
||||
- **key19** UI interaction data
|
||||
- **key2** Interaction data for the UI
|
||||
- **key2** UI interaction data
|
||||
- **key20** UI interaction data
|
||||
- **key21** Interaction data for the UI
|
||||
- **key22** UI interaction data
|
||||
@ -4036,13 +4050,13 @@ The following fields are available:
|
||||
- **key27** UI interaction data
|
||||
- **key28** UI interaction data
|
||||
- **key29** UI interaction data
|
||||
- **key3** Interaction data for the UI
|
||||
- **key3** UI interaction data
|
||||
- **key30** UI interaction data
|
||||
- **key4** Interaction data for the UI
|
||||
- **key4** UI interaction data
|
||||
- **key5** UI interaction data
|
||||
- **key6** UI interaction data
|
||||
- **key7** Interaction data for the UI
|
||||
- **key8** Interaction data for the UI
|
||||
- **key7** UI interaction data
|
||||
- **key8** UI interaction data
|
||||
- **key9** UI interaction data
|
||||
- **PackageVersion** Current package version of the update notification.
|
||||
- **schema** UI interaction type.
|
||||
@ -4194,9 +4208,9 @@ The following fields are available:
|
||||
- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
|
||||
- **TestId** A string to uniquely identify a group of events.
|
||||
- **WuId** Windows Update client ID.
|
||||
|
||||
@ -4352,7 +4366,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
@ -4388,17 +4402,17 @@ This event provides the results from the WaaSMedic engine
|
||||
The following fields are available:
|
||||
|
||||
- **detectionSummary** Result of each applicable detection that was run.
|
||||
- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
|
||||
- **featureAssessmentImpact** Windows as a Service (WaaS) Assessment impact on feature updates
|
||||
- **hrEngineResult** Indicates the WaaSMedic engine operation error codes
|
||||
- **insufficientSessions** Device not eligible for diagnostics.
|
||||
- **isManaged** Device is managed for updates.
|
||||
- **isWUConnected** Device is connected to Windows Update.
|
||||
- **noMoreActions** No more applicable diagnostics.
|
||||
- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
|
||||
- **insufficientSessions** True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
|
||||
- **isManaged** Indicates the device is managed for updates
|
||||
- **isWUConnected** Indicates the device is connected to Windows Update
|
||||
- **noMoreActions** All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
|
||||
- **qualityAssessmentImpact** Windows as a Service (WaaS) Assessment impact for quality updates
|
||||
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
|
||||
- **usingBackupFeatureAssessment** Relying on backup feature assessment.
|
||||
- **usingBackupQualityAssessment** Relying on backup quality assessment.
|
||||
- **versionString** Version of the WaaSMedic engine.
|
||||
- **usingBackupFeatureAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
|
||||
- **usingBackupQualityAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
|
||||
- **versionString** Installed version of the WaaSMedic engine
|
||||
|
||||
|
||||
## Windows Store events
|
||||
@ -4667,9 +4681,9 @@ FulfillmentComplete event is fired at the end of an app install or update. We us
|
||||
The following fields are available:
|
||||
|
||||
- **FailedRetry** Tells us if the retry for an install or update was successful or not.
|
||||
- **HResult** Resulting HResult error/success code of this call
|
||||
- **PFN** Package Family Name of the app that being installed or updated
|
||||
- **ProductId** Product Id of the app that is being updated or installed
|
||||
- **HResult** The HResult code of the operation.
|
||||
- **PFN** The Package Family Name of the app that is being installed or updated.
|
||||
- **ProductId** The product ID of the app that is being updated or installed.
|
||||
|
||||
|
||||
### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
|
||||
@ -5028,14 +5042,14 @@ This event collects information regarding the install phase of the new device ma
|
||||
|
||||
The following fields are available:
|
||||
|
||||
- **errorCode** The error code returned for the current install phase
|
||||
- **flightId** The unique identifier for each flight
|
||||
- **objectId** Unique value for each Update Agent mode
|
||||
- **relatedCV** Correlation vector value generated from the latest scan
|
||||
- **result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
|
||||
- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
|
||||
- **sessionId** Unique value for each Update Agent mode attempt
|
||||
- **updateId** Unique ID for each update
|
||||
- **errorCode** The error code returned for the current install phase.
|
||||
- **flightId** Unique ID for each flight.
|
||||
- **objectId** Unique value for each diagnostics session.
|
||||
- **relatedCV** Correlation vector value generated from the latest USO scan.
|
||||
- **result** Outcome of the install phase of the update.
|
||||
- **scenarioId** Indicates the update scenario.
|
||||
- **sessionId** Unique value for each update session.
|
||||
- **updateId** Unique ID for each Update.
|
||||
|
||||
|
||||
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
|
||||
@ -5108,7 +5122,7 @@ The following fields are available:
|
||||
- **interactive** Indicates whether the session was user initiated.
|
||||
- **revisionNumber** Update revision number.
|
||||
- **updateId** Update ID.
|
||||
- **updateScenarioType** Device ID
|
||||
- **updateScenarioType** Update Session type
|
||||
- **wuDeviceid** Device ID
|
||||
|
||||
|
||||
|
||||
@ -369,7 +369,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -701,7 +701,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -4538,7 +4538,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
|
||||
@ -666,7 +666,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -1013,7 +1013,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
|
||||
@ -123,7 +123,7 @@ This setting determines whether a device shows notifications about Windows diagn
|
||||
|
||||
### Configure telemetry opt-in setting user interface
|
||||
|
||||
This setting determines whether people can change their own Windows diagnostic data level in in *Start > Settings > Privacy > Diagnostics & feedback*.
|
||||
This setting determines whether people can change their own Windows diagnostic data level in *Start > Settings > Privacy > Diagnostics & feedback*.
|
||||
|
||||
#### Group Policy
|
||||
|
||||
|
||||
@ -131,7 +131,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
||||
## Review
|
||||
|
||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||
|
||||
@ -104,7 +104,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
||||
## Review
|
||||
|
||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||
|
||||
@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
ms.date: 09/17/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Information protection
|
||||
@ -16,7 +16,7 @@ Learn more about how to secure documents and other data across your organization
|
||||
| Section | Description |
|
||||
|-|-|
|
||||
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
|
||||
| [Encrypted Hard Drive](bitlocker/bitlocker-overview.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
||||
| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
||||
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
|
||||
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
|
||||
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
|
||||
|
||||
@ -75,7 +75,7 @@ The adoption of new authentication technology requires that identity providers a
|
||||
|
||||
Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
|
||||
|
||||
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that that manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
||||
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
||||
|
||||
• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: justinha
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/04/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# How Windows Information Protection protects files with a sensitivity label
|
||||
@ -29,7 +29,7 @@ Microsoft information protection technologies include:
|
||||
|
||||
- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
|
||||
|
||||
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps.
|
||||
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps.
|
||||
|
||||
- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
|
||||
|
||||
@ -50,7 +50,7 @@ For more information about labels, see [Overview of labels](https://docs.microso
|
||||
|
||||
## Use cases
|
||||
|
||||
This sections covers how WIP works with sensitivity labels in specific use cases.
|
||||
This section covers how WIP works with sensitivity labels in specific use cases.
|
||||
|
||||
### User downloads from or creates a document on a work site
|
||||
|
||||
@ -60,7 +60,7 @@ If the document also has a sensitivity label, which can be Office or PDF files,
|
||||
|
||||
### User downloads a confidential Office or PDF document from a personal site
|
||||
|
||||
Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site.
|
||||
Windows Defender Advanced Threat Protection (Windows Defender ATP) scans for any file that gets modified or created, including files that were created on a personal site.
|
||||
If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site.
|
||||
For example:
|
||||
|
||||
@ -74,7 +74,7 @@ The PDF file doesn't need any work context beyond the sensitivity label.
|
||||
## Prerequisites
|
||||
|
||||
- Windows 10, version 1809
|
||||
- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
||||
- [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
||||
- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
|
||||
- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
|
||||
|
||||
|
||||
@ -8,7 +8,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: coreyp-at-msft
|
||||
author: justinha
|
||||
ms.author: justinha
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 08/08/2018
|
||||
---
|
||||
|
||||
@ -92,11 +92,11 @@
|
||||
####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
#######Domain
|
||||
######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
######Domain
|
||||
####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######File
|
||||
####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
@ -132,6 +132,10 @@
|
||||
####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
######Machines Security States
|
||||
####### [Get MachineSecurityStates collection](windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
|
||||
######Machine Groups
|
||||
####### [Get MachineGroups collection](windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######User
|
||||
####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
@ -139,6 +143,10 @@
|
||||
####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######Windows updates (KB) info
|
||||
####### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
|
||||
######Common Vulnerabilities and Exposures (CVE) to KB map
|
||||
####### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
@ -21,6 +21,8 @@ Safety Scanner only scans when manually triggered and is available for use 10 da
|
||||
|
||||
> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/en-us/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
|
||||
|
||||
> **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
|
||||
|
||||
## System requirements
|
||||
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/en-us/lifecycle).
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ It is also important to keep the following in mind:
|
||||
|
||||
* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
|
||||
|
||||
* Enable Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
||||
* Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
||||
|
||||
## What to do if information has been given to a tech support person
|
||||
|
||||
|
||||
@ -84,11 +84,11 @@ A user who is assigned this user right could increase the scheduling priority of
|
||||
|
||||
### Countermeasure
|
||||
|
||||
Verify that only Administrators and and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
||||
Verify that only Administrators and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
||||
|
||||
### Potential impact
|
||||
|
||||
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and and Window Manager/Window Manager Group is the default configuration.
|
||||
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and Window Manager/Window Manager Group is the default configuration.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
@ -92,11 +92,12 @@
|
||||
###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
######Domain
|
||||
####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####Domain
|
||||
###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####File
|
||||
###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
|
||||
@ -132,12 +133,19 @@
|
||||
###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####Machines Security States
|
||||
###### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####Machine Groups
|
||||
###### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####User
|
||||
###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
#####Windows updates (KB) info
|
||||
###### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####Common Vulnerabilities and Exposures (CVE) to KB map
|
||||
###### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
#### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 09/03/2018
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.
|
||||
|
||||
@ -58,7 +58,7 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.
|
||||
|
||||
>[!NOTE]
|
||||
> These set of steps are directed towards the MSSP customer. <br>
|
||||
> Access to the portal can can only be done by the MSSP customer.
|
||||
> Access to the portal can only be done by the MSSP customer.
|
||||
|
||||
As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center.
|
||||
|
||||
@ -269,7 +269,7 @@ You'll need to have **Manage portal system settings** permission to whitelist th
|
||||
|
||||
You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
- In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value.
|
||||
- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.
|
||||
- Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
|
||||
|
||||
## Fetch alerts from MSSP customer's tenant using APIs
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/06/2018
|
||||
ms.date: 10/09/2018
|
||||
---
|
||||
|
||||
# Onboard servers to the Windows Defender ATP service
|
||||
|
||||
@ -0,0 +1,77 @@
|
||||
---
|
||||
title: Get CVE-KB map API
|
||||
description: Retrieves a map of CVE's to KB's.
|
||||
keywords: apis, graph api, supported apis, get, cve, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get CVE-KB map API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a map of CVE's to KB's and CVE details.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/cvekbmap
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful and map exists - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/CveKbMap
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
|
||||
"@odata.count": 4168,
|
||||
"value": [
|
||||
{
|
||||
"cveKbId": "CVE-2015-2482-3097617",
|
||||
"cveId": "CVE-2015-2482",
|
||||
"kbId":"3097617",
|
||||
"title": "Cumulative Security Update for Internet Explorer",
|
||||
"severity": "Critical"
|
||||
},
|
||||
…
|
||||
}
|
||||
|
||||
```
|
||||
@ -0,0 +1,76 @@
|
||||
---
|
||||
title: Get KB collection API
|
||||
description: Retrieves a collection of KB's.
|
||||
keywords: apis, graph api, supported apis, get, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get KB collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of KB's and KB details.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/kbinfo
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/KbInfo
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
|
||||
"@odata.count": 271,
|
||||
"value":[
|
||||
{
|
||||
"id": "KB3097617 (10240.16549) Amd64",
|
||||
"release": "KB3097617 (10240.16549)",
|
||||
"publishingDate": "2015-10-16T21:00:00Z",
|
||||
"version": "10.0.10240.16549",
|
||||
"architecture": "Amd64"
|
||||
},
|
||||
…
|
||||
}
|
||||
```
|
||||
@ -0,0 +1,76 @@
|
||||
---
|
||||
title: Get RBAC machine groups collection API
|
||||
description: Retrieves a collection of RBAC machine groups.
|
||||
keywords: apis, graph api, supported apis, get, RBAC, group
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get KB collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of RBAC machine groups.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/machinegroups
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/machinegroups
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
Field id contains machine group **id** and equal to field **rbacGroupId** in machines info.
|
||||
Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
|
||||
"@odata.count":7,
|
||||
"value":[
|
||||
{
|
||||
"id":86,
|
||||
"name":"UnassignedGroup",
|
||||
"description":"",
|
||||
"ungrouped":true},
|
||||
…
|
||||
}
|
||||
```
|
||||
@ -0,0 +1,83 @@
|
||||
---
|
||||
title: Get machines security states collection API
|
||||
description: Retrieves a collection of machines security states.
|
||||
keywords: apis, graph api, supported apis, get, machine, security, state
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get Machines security states collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of machines security states.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/machinesecuritystates
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
Field *id* contains machine id and equal to the field *id** in machines info.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
|
||||
"@odata.count":444,
|
||||
"@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
|
||||
"value":[
|
||||
{
|
||||
"id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
|
||||
"build":14393,
|
||||
"revision":2485,
|
||||
"architecture":"Amd64",
|
||||
"osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
|
||||
"propertiesRequireAttention":[
|
||||
"AntivirusNotReporting",
|
||||
"EdrImpairedCommunications"
|
||||
]
|
||||
},
|
||||
…
|
||||
]
|
||||
}
|
||||
```
|
||||
@ -89,3 +89,4 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
|
||||
|
||||
## Related topic
|
||||
- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
|
||||
- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 06/18/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Onboard previous versions of Windows
|
||||
@ -50,7 +50,7 @@ The following steps are required to enable this integration:
|
||||
|
||||
### Before you begin
|
||||
Review the following details to verify minimum system requirements:
|
||||
- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
||||
- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) or a later monthly update rollup.
|
||||
|
||||
>[!NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
@ -60,6 +60,14 @@ Review the following details to verify minimum system requirements:
|
||||
>[!NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
|
||||
- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
|
||||
|
||||
>[NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
>Don't install .NET framework 4.0.x, since it will negate the above installation.
|
||||
|
||||
|
||||
|
||||
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
|
||||
|
||||
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
|
||||
|
||||
@ -19,7 +19,7 @@ ms.date: 09/03/2018
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
The Widows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
||||
The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
||||
|
||||
|
||||
When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
|
||||
|
||||
@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel
|
||||
IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
|
||||
Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
|
||||
User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
|
||||
KbInfo | Run API call that gets list of Windows KB's information
|
||||
CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's
|
||||
MachineSecurityStates | Run API call that gets list of machines with their security properties and versions
|
||||
MachineGroups | Run API call that gets list of machine group definitions
|
||||
|
||||
|
||||
@ -1,14 +1,14 @@
|
||||
---
|
||||
title: Windows Platform Common Criteria Certification
|
||||
title: Common Criteria Certifications
|
||||
description: This topic details how Microsoft supports the Common Criteria certification program.
|
||||
ms.prod: w10
|
||||
ms.localizationpriority: medium
|
||||
ms.author: daniha
|
||||
author: danihalfin
|
||||
ms.date: 04/03/2018
|
||||
ms.date: 10/8/2018
|
||||
---
|
||||
|
||||
# Windows Platform Common Criteria Certification
|
||||
# Common Criteria Certifications
|
||||
|
||||
Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products.
|
||||
|
||||
@ -18,7 +18,8 @@ Microsoft is committed to optimizing the security of its products and services.
|
||||
|
||||
The Security Target describes security functionality and assurance measures used to evaluate Windows.
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx)
|
||||
@ -52,7 +53,9 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
|
||||
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx)
|
||||
@ -127,7 +130,8 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
|
||||
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user