diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md index fd770fd0cc..7926dab884 100644 --- a/devices/hololens/hololens-connect-devices.md +++ b/devices/hololens/hololens-connect-devices.md @@ -32,7 +32,7 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices: - HoloLens (1st gen) clicker > [!NOTE] -> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [I'm having problems pairing or using a Bluetooth device](hololens-FAQ.md#im-having-problems-pairing-or-using-a-bluetooth-device). +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work). ### Pair a Bluetooth keyboard or mouse diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index fed3ff8374..7e016c22c0 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md @@ -34,8 +34,12 @@ Many schools use online testing for formative and summative assessments. It's cr ![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png) -There are several ways to configure devices for assessments. You can: -- **Configure an assessment URL and a dedicated testing account** +There are several ways to configure devices for assessments, depending on your use case: + +- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL. +- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing. + +1. **Configure an assessment URL and a dedicated testing account** In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing. @@ -58,9 +62,9 @@ There are several ways to configure devices for assessments. You can: For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). -- **Distribute the assessment URL through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** +2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments. + This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link. You can enable this using a schema activation. diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 7b5828d9c2..1eb4d1d50b 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -44,51 +44,51 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an
-| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? | -|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | | | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | - +| Package name | App name | 1709 | 1803 | 1809 | 1909 | Uninstall through UI? | +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. @@ -149,7 +149,7 @@ System apps are integral to the operating system. Here are the typical system ap > [!NOTE] -> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). +> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). ## Installed Windows apps diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index db96f058c0..840988926d 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -103,15 +103,16 @@ ##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md) ### Deploy Windows 10 with Microsoft Endpoint Configuration Manager -#### [Prepare for Windows 10 deployment with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -#### Deploy Windows 10 with Configuration Manager +#### Prepare for Windows 10 deployment with Configuration Manager +##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) ##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md) ##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md) ##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) + +#### Deploy Windows 10 with Configuration Manager ##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md) ##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-cm/TOC.md b/windows/deployment/deploy-windows-cm/TOC.md index daaec1091b..b26445c4ab 100644 --- a/windows/deployment/deploy-windows-cm/TOC.md +++ b/windows/deployment/deploy-windows-cm/TOC.md @@ -1,13 +1,14 @@ # Deploy Windows 10 with Microsoft Endpoint Configuration Manager -## [Prepare for Windows 10 deployment with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -## Deploy Windows 10 with Configuration Manager +## Prepare for Windows 10 deployment with Configuration Manager +### [Prepare for Zero Touch Installation with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) ### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) ### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) ### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) + +## Deploy Windows 10 with Configuration Manager ### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) ### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md index 19ebb6ea7b..a5ea3f78c2 100644 --- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -21,7 +21,16 @@ ms.topic: article - Windows 10 -In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001. +In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic. + +This topic assumes that you have completed the following prerequisite procedures: +- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) +- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) +- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) +- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) +- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) +- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) +- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) For the purposes of this guide, we will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001). - DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS). @@ -36,10 +45,8 @@ All servers are running Windows Server 2019. However, an earlier, supported vers All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. -An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). - >[!NOTE] ->No WDS console configuration required for PXE to work. Everything is done with the Configuration Manager console. +>No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console. ## Procedures @@ -52,7 +59,7 @@ An existing Configuration Manager infrastructure that is integrated with MDT is * Install the Windows 10 operating system. * Install the Configuration Manager client and the client hotfix. - * Join the machine to the domain. + * Join the computer to the domain. * Install the application added to the task sequence. >[!NOTE] diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index 2486006471..0e9f6ba908 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -52,7 +52,7 @@ You can control when updates are applied, for example by deferring when an updat Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates. -- Drivers (on/off): When "on," this policy will not include drivers with Windows Update. +- Disable Drivers (on/off): When "on," this policy will not include drivers with Windows Update. - Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products. diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 7cb66960c1..0ef906a2b3 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -172,17 +172,7 @@ You can try any of the processes included in these scenarios, but you should foc - - Stop Google Drive from syncing WIP protected files and folders. - - - - + >[!NOTE] diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ac15e0c03b..3eca661850 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -332,8 +332,12 @@ ###### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md) ##### [Update](microsoft-defender-atp/linux-updates.md) ##### [Configure]() +###### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md) ###### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ###### [Set preferences](microsoft-defender-atp/linux-preferences.md) +##### [Troubleshoot]() +###### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md) +###### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md) ##### [Resources](microsoft-defender-atp/linux-resources.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md new file mode 100644 index 0000000000..088b47a20c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -0,0 +1,111 @@ +--- +title: Configure and validate exclusions for Microsoft Defender ATP for Linux +description: Provide and validate exclusions for Microsoft Defender ATP for Linux. Exclusions can be set for files, folders, and processes. +keywords: microsoft, defender, atp, linux, exclusions, scans, antivirus +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Configure and validate exclusions for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. + +> [!IMPORTANT] +> The exclusions described in this article don't apply to other Microsoft Defender ATP for Linux capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. + +You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender ATP for Linux scans. + +Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Microsoft Defender ATP for Linux. + +> [!WARNING] +> Defining exclusions lowers the protection offered by Microsoft Defender ATP for Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. + +## Supported exclusion types + +The follow table shows the exclusion types supported by Microsoft Defender ATP for Linux. + +Exclusion | Definition | Examples +---|---|--- +File extension | All files with the extension, anywhere on the machine | .test +File | A specific file identified by the full path | /var/log/test.log +Folder | All files under the specified folder | /var/log/ +Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat + +## How to configure the list of exclusions + +### From the management console + +For more information on how to configure exclusions from Puppet, Ansible, or another management console, see [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). + +### From the command line + +Run the following command to see the available switches for managing exclusions: + +```bash +$ mdatp --exclusion +``` + +Examples: + +- Add an exclusion for a file extension: + + ```bash + $ mdatp --exclusion --add-extension .txt + Configuration updated successfully + ``` + +- Add an exclusion for a file: + + ```bash + $ mdatp --exclusion --add-folder /var/log/dummy.log + Configuration updated successfully + ``` + +- Add an exclusion for a folder: + + ```bash + $ mdatp --exclusion --add-folder /var/log/ + Configuration updated successfully + ``` + +- Add an exclusion for a process: + + ```bash + $ mdatp --exclusion --add-process cat + Configuration updated successfully + ``` + +## Validate exclusions lists with the EICAR test file + +You can validate that your exclusion lists are working by using `curl` to download a test file. + +In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path. + +```bash +$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt +``` + +If Microsoft Defender ATP for Linux reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html). + +If you do not have Internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command: + +```bash +echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt +``` + +You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index c2505dae33..0ac647a0b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -18,7 +18,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Configuring Microsoft Defender ATP for static proxy discovery +# Configure Microsoft Defender ATP for Linux for static proxy discovery **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md new file mode 100644 index 0000000000..d34c004a38 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -0,0 +1,91 @@ +--- +title: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux +ms.reviewer: +description: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux +keywords: microsoft, defender, atp, linux, cloud, connectivity, communication +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +## Run the connectivity test + +To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line: + +```bash +$ mdatp --connectivity-test +``` + +If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall. + +## Troubleshooting steps for environments without proxy or with transparent proxy + +To test that a connection is not blocked in an environment without a proxy or with a transparent proxy, run the following command in the terminal: + +```bash +curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' +``` + +The output from this command should be similar to: + +``` +OK https://x.cp.wd.microsoft.com/api/report +OK https://cdn.x.cp.wd.microsoft.com/ping +``` + +## Troubleshooting steps for environments with static proxy + +> [!WARNING] +> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. +> +> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. + +If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: + +```bash +$ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' +``` + +Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands. + +To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading `#` is removed to uncomment the following line from `/lib/systemd/system/mdatp.service`: + +```bash +#Environment="HTTPS_PROXY=http://address:port" +``` + +Also ensure that the correct static proxy address is filled in to replace `address:port`. + +If this file is correct, try running the following command in the terminal to reload Microsoft Defender ATP for Linux and propagate the setting: + +```bash +$ sudo systemctl daemon-reload; sudo systemctl restart mdatp +``` + +Upon success, attempt another connectivity test from the command line: + +```bash +$ mdatp --connectivity-test +``` + +If the problem persists, contact customer support. + +## Resources + +- For more information about how to configure the product to use a static proxy, see [Configure Microsoft Defender ATP for static proxy discovery](linux-static-proxy-configuration.md). \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md new file mode 100644 index 0000000000..55da60a602 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -0,0 +1,82 @@ +--- +title: Troubleshoot performance issues for Microsoft Defender ATP for Linux +description: Troubleshoot performance issues in Microsoft Defender ATP for Linux. +keywords: microsoft, defender, atp, linux, performance +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Troubleshoot performance issues for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Linux. + +Real-time protection (RTP) is a feature of Microsoft Defender ATP for Linux that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics. + +Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender ATP for Linux. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender ATP for Linux. + +The following steps can be used to troubleshoot and mitigate these issues: + +1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender ATP for Linux is contributing to the performance issues. + + If your device is not managed by your organization, real-time protection can be disabled from the command line: + + ```bash + $ mdatp --config realTimeProtectionEnabled false + ``` + + If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). + +2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Microsoft Defender ATP for Linux. + + > [!NOTE] + > This feature is available in version 100.90.70 or newer. + + This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: + + ```bash + $ mdatp config real_time_protection_statistics_enabled on + ``` + + This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: + + ```bash + $ mdatp health + ``` + + Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: + + ```bash + $ mdatp --config realTimeProtectionEnabled true + ``` + + To collect current statistics, run: + + ```bash + $ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file + ``` + + The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md). + + > [!NOTE] + > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. + +3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. + +4. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. + + See [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md) for details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 4a410131e3..4ac890ab74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -64,7 +64,7 @@ Select the type of exclusion that you wish to add and follow the prompts. You can validate that your exclusion lists are working by using `curl` to download a test file. -In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path. +In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path. ```bash $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt @@ -72,7 +72,7 @@ $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html). -If you do not have internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command: +If you do not have Internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command: ```bash echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index ae1856f3eb..ed7b91f290 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md @@ -122,7 +122,7 @@ It's important to understand the following prerequisites prior to creating indic >[!IMPORTANT] > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. -> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS):
+> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: >- IP is supported for all three protocols >- Encrypted URLs (full path) can only be blocked on first party browsers diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 2819fb191f..aa08dca96f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -117,25 +117,7 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md). -## Validating cloud connectivity - -To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. - -If you prefer the command line, you can also check the connection by running the following command in Terminal: - -```bash -$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' -``` - -The output from this command should be similar to the following: - -> `OK https://x.cp.wd.microsoft.com/api/report` -> `OK https://cdn.x.cp.wd.microsoft.com/ping` - -Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal: -```bash -$ mdatp --connectivity-test -``` +For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. ## How to update Microsoft Defender ATP for Linux