├── .acrolinx-config.edn ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ └── config.yml └── workflows │ ├── AutoLabelAssign.yml │ ├── AutoLabelMsftContributor.yml │ ├── AutoPublish.yml │ ├── BackgroundTasks.yml │ ├── BuildValidation.yml │ ├── LiveMergeCheck.yml │ ├── PrFileCount.yml │ ├── ProtectedFiles.yml │ ├── Stale.yml │ ├── StaleBranch.yml │ └── TierManagement.yml ├── .gitignore ├── .openpublishing.publish.config.json ├── .openpublishing.redirection.json ├── LICENSE ├── LICENSE-CODE ├── README.md ├── ThirdPartyNotices.md └── managed-desktop ├── TOC.yml ├── breadcrumb └── toc.yml ├── deploy ├── add-app-with-app-control.md ├── company-portal-communication.md ├── deploy-apps.md ├── device-location.md ├── downloads │ ├── device-registration-sample-partner.csv │ └── device-registration-sample-self.csv ├── enable-user-support-features.md ├── esp-first-run.md ├── get-started-devices.md ├── initial-app-deployment-with-app-control.md ├── localization.md └── validate-device.md ├── developer ├── mmd-api-access-app-context.md ├── mmd-api-access-user-context.md ├── mmd-api-add-notes.md ├── mmd-api-close-elevation-request.md ├── mmd-api-configure-servicenow.md ├── mmd-api-create-elevation-request.md ├── mmd-api-create-ticket.md ├── mmd-api-devices.md ├── mmd-api-elevation-requests.md ├── mmd-api-get-device.md ├── mmd-api-get-elevation-request-details.md ├── mmd-api-get-ticket-id.md ├── mmd-api-get-ticket-notes.md ├── mmd-api-get-user.md ├── mmd-api-list-devices.md ├── mmd-api-list-elevation-requests.md ├── mmd-api-list-profiles.md ├── mmd-api-list-tickets.md ├── mmd-api-list-users.md ├── mmd-api-overview.md ├── mmd-api-reassign-device-profile.md ├── mmd-api-tickets.md └── mmd-api-users.md ├── docfx.json ├── index.yml ├── media ├── MMD-location-services-UI.png ├── api │ ├── request-api-perms.png │ ├── request-api-perms2.png │ ├── request-api-perms3.png │ └── request-details.png ├── areaoffocus.png ├── device-registration │ ├── auto-registration-high-level-workflow-diagram.png │ ├── device-registration-overview.png │ └── manual-registration-high-level-workflow-diagram.png ├── mmd-autopilot-co-management.png ├── mmd-autopilot-screenshot.png ├── mmd-devices-view.png ├── mmd-profile-options-heirarchy.png ├── mmd-support-flow.png ├── onedrive │ ├── onedrive-folders.png │ ├── onedrive-sync.png │ └── onedrive-teams.png └── reports │ ├── all-devices-historical-report.png │ ├── all-devices-report.png │ ├── eligible-devices-historical-report.png │ ├── ineligible-devices-historical-report.png │ └── summary-dashboard.png ├── operate ├── affected-devices-report.md ├── all-devices-historical-report.md ├── all-devices-report.md ├── app-usage-report.md ├── change-device-profile.md ├── config-setting-deploy.md ├── config-setting-overview.md ├── config-setting-ref.md ├── device-crash-drilldown-report.md ├── device-inventory-report.md ├── device-policies.md ├── device-profiles.md ├── device-reliability-historical-trends-report.md ├── device-reliability-reports-overview.md ├── edge-browser-app.md ├── eligible-devices-historical-report.md ├── end-user-support.md ├── failure-module-drilldown-report.md ├── ineligible-devices-historical-report.md ├── kiosk-device-profile.md ├── m365-apps.md ├── maintain-environment.md ├── manage-apps.md ├── media │ ├── release-process-timeline.png │ ├── update-communications.png │ ├── windows-quality-force-update.png │ ├── windows-quality-typical-update-experience.png │ └── windows-quality-update-grace-period.png ├── onedrive.md ├── operating-system-stop-error-report.md ├── proactive-monitoring.md ├── project-visio.md ├── recover-devices.md ├── remove-devices.md ├── reports.md ├── request-device-name-change.md ├── reset-devices-factory.md ├── service-metrics-report.md ├── summary-dashboard.md ├── support-request.md ├── teams.md ├── test-windows-11.md ├── update-communications.md ├── updates.md ├── windows-quality-update-end-user-experience.md ├── windows-quality-update-overview.md └── windows-quality-update-signals.md ├── overview ├── MMD-and-ITSM.md ├── change-management.md ├── compliance.md ├── core-applications.md ├── device-services.md ├── exceptions-to-service-plan.md ├── operating-system.md ├── privacy-personal-data.md ├── regions-languages.md ├── roles-and-responsibilities.md ├── security-operations.md ├── security-technologies.md ├── service-changes-communication.md ├── service-plan.md ├── standard-operating-procedures.md ├── support-teams.md ├── tenant-access.md └── win11-overview.md ├── prepare ├── access-admin-center.md ├── add-admin-contacts.md ├── adjust-management-settings.md ├── app-control.md ├── app-requirements.md ├── apps.md ├── autopilot-co-management.md ├── certs-wifi-lan.md ├── company-portal.md ├── device-images.md ├── device-registration-overview.md ├── device-requirements.md ├── enroll-your-tenant.md ├── enterprise-state-roaming.md ├── guest-accounts.md ├── manual-registration-existing-devices.md ├── manual-registration.md ├── mapped-drives.md ├── network.md ├── on-premise-resources.md ├── partner-registration.md ├── prepare-devices-for-registration.md ├── prerequisites.md ├── printing.md ├── readiness-assessment-downloadable.md ├── readiness-assessment-fix.md ├── readiness-assessment-online.md ├── shared-devices.md ├── universal-image.md ├── virtual-device-registration.md └── windows-autopilot-registration.md ├── references ├── diagnostic-logs.md ├── raci.md ├── security-baseline-settings.md ├── windows-11-policy-settings.md └── windows-update-policies.md └── whats-new ├── whats-new-2018.md ├── whats-new-2019.md ├── whats-new-2020.md ├── whats-new-2021.md ├── whats-new-2022.md └── whats-new-2023.md /.acrolinx-config.edn: -------------------------------------------------------------------------------- 1 | {:allowed-branchname-matches ["main" "release-.*"] 2 | :allowed-filename-matches ["managed-desktop/"] 3 | 4 | :use-gh-statuses true 5 | 6 | :targets 7 | { 8 | :counts { 9 | ;;:correctness 13 10 | ;;:total 15 ;; 11 | ;;:issues 15 ;; 12 | ;;:correctness 13 ;; 13 | } 14 | :scores { 15 | ;;:terminology 100 16 | :qualityscore 80 ;; 17 | ;;:correctness 40 18 | } 19 | } 20 | 21 | :guidance-profile "d2b6c2c8-00ee-47f1-8d10-b280cc3434c1" ;; Profile ID for "M365-specific" 22 | 23 | :template-header 24 | 25 | " 26 | 27 | ## Acrolinx Scorecards 28 | 29 | **The minimum Acrolinx topic score of 80 is required for all Magic content merged to the default branch.** 30 | 31 | If you need a scoring exception for content in this PR, add the *Sign off* and the *Acrolinx exception* labels to the PR. The PubOps Team will review the exception request and may take one or more of the following actions: 32 | 33 | - Work with you to resolve the issues requiring the exception. 34 | - Escalate the exception request to the Acrolinx Review Team for review. 35 | - Approve the exception and work with the GitHub Admin Team to merge the PR to the default branch. 36 | 37 | For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.docs.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=main). 38 | 39 | Select the total score link to review all feedback on clarity, consistency, tone, brand, terms, spelling, grammar, readability, and inclusive language. _You should fix all spelling errors regardless of your total score_. Fixing spelling errors helps maintain customer trust in overall content quality. 40 | 41 | | Article | Total score
(Required: 80) | Terminology | Spelling and Grammar | Clarity
(Readability) | 42 | |---------|:--------------:|:--------------------:|:------:|:---------:| 43 | " 44 | 45 | :template-change 46 | "| ${s/status} ${s/file} | [${acrolinx/qualityscore}](${acrolinx/scorecard}) | ${acrolinx/scores/words_and_phrases} | ${acrolinx/scores/correctness} | ${acrolinx/scores/clarity} | 47 | " 48 | 49 | :template-footer 50 | " 51 | **More information about Acrolinx** 52 | 53 | - [Install Acrolinx locally for VSCode for Magic](https://review.learn.microsoft.com/office-authoring-guide/acrolinx-vscode?branch=main) 54 | - [False positives or issues](https://aka.ms/acrolinxbug) 55 | - [Request a new Acrolinx term](https://microsoft.sharepoint.com/teams/M365Dev2/SitePages/M365-terminology.aspx) 56 | - [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch=main) 57 | 58 | " 59 | } 60 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | 4 | # Explicitly declare text files you want to always be normalized and converted 5 | # to native line endings on checkout. 6 | *.c text 7 | *.h text 8 | 9 | # Declare files that will always have CRLF line endings on checkout. 10 | *.sln text eol=crlf 11 | 12 | # Denote all files that are truly binary and should not be modified. 13 | *.png binary 14 | *.jpg binary -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: New feedback experience 4 | url: https://learn.microsoft.com/office/new-feedback 5 | about: We’re transitioning our feedback experience away from GitHub Issues. For more information, select Open. -------------------------------------------------------------------------------- /.github/workflows/AutoLabelAssign.yml: -------------------------------------------------------------------------------- 1 | name: Assign and label PR 2 | 3 | permissions: 4 | pull-requests: write 5 | contents: read 6 | actions: read 7 | 8 | on: 9 | workflow_run: 10 | workflows: [Background tasks] 11 | types: 12 | - completed 13 | 14 | jobs: 15 | download-payload: 16 | name: Download and extract payload artifact 17 | if: github.repository_owner == 'MicrosoftDocs' 18 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod 19 | with: 20 | WorkflowId: ${{ github.event.workflow_run.id }} 21 | OrgRepo: ${{ github.repository }} 22 | secrets: 23 | AccessToken: ${{ secrets.GITHUB_TOKEN }} 24 | 25 | label-assign: 26 | name: Run assign and label 27 | if: github.repository_owner == 'MicrosoftDocs' 28 | needs: [download-payload] 29 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod 30 | with: 31 | PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }} 32 | AutoAssignUsers: 1 33 | AutoLabel: 1 34 | ExcludedUserList: '["user1", "user2"]' 35 | ExcludedBranchList: '["branch1", "branch2"]' 36 | secrets: 37 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/AutoLabelMsftContributor.yml: -------------------------------------------------------------------------------- 1 | name: Auto label Microsoft contributors 2 | 3 | permissions: 4 | pull-requests: write 5 | contents: read 6 | actions: read 7 | 8 | on: 9 | workflow_run: 10 | workflows: [Background tasks] 11 | types: 12 | - completed 13 | 14 | jobs: 15 | download-payload: 16 | if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' 17 | name: Download and extract payload artifact 18 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod 19 | with: 20 | WorkflowId: ${{ github.event.workflow_run.id }} 21 | OrgRepo: ${{ github.repository }} 22 | secrets: 23 | AccessToken: ${{ secrets.GITHUB_TOKEN }} 24 | 25 | label-msft: 26 | name: Label Microsoft contributors 27 | if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' 28 | needs: [download-payload] 29 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod 30 | with: 31 | PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }} 32 | secrets: 33 | AccessToken: ${{ secrets.GITHUB_TOKEN }} 34 | ClientId: ${{ secrets.M365_APP_CLIENT_ID }} 35 | PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} -------------------------------------------------------------------------------- /.github/workflows/AutoPublish.yml: -------------------------------------------------------------------------------- 1 | name: (Scheduled) Publish to live 2 | 3 | permissions: 4 | contents: write 5 | pull-requests: write 6 | checks: read 7 | 8 | on: 9 | schedule: 10 | - cron: "25 2,5,8,11,14,17,20,22 * * *" # Times are UTC based on Daylight Saving Time. Need to be adjusted for Standard Time. Scheduling at :25 to account for queuing lag. 11 | 12 | workflow_dispatch: 13 | 14 | jobs: 15 | 16 | auto-publish: 17 | if: github.repository_owner == 'MicrosoftDocs' && contains(github.event.repository.topics, 'build') 18 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoPublishV2.yml@workflows-prod 19 | with: 20 | PayloadJson: ${{ toJSON(github) }} 21 | EnableAutoPublish: true 22 | EnableAutoMerge: true 23 | 24 | secrets: 25 | AccessToken: ${{ secrets.GITHUB_TOKEN }} 26 | PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} 27 | ClientId: ${{ secrets.M365_APP_CLIENT_ID }} -------------------------------------------------------------------------------- /.github/workflows/BackgroundTasks.yml: -------------------------------------------------------------------------------- 1 | name: Background tasks 2 | 3 | permissions: 4 | pull-requests: write 5 | contents: read 6 | 7 | on: 8 | pull_request_target: 9 | 10 | jobs: 11 | upload: 12 | if: github.repository_owner == 'MicrosoftDocs' 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Save payload data 17 | env: 18 | PayloadJson: ${{ toJSON(github) }} 19 | AccessToken: ${{ github.token }} 20 | run: | 21 | mkdir -p ./pr 22 | echo $PayloadJson > ./pr/PayloadJson.json 23 | sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json 24 | - uses: actions/upload-artifact@v4 25 | with: 26 | name: PayloadJson 27 | path: pr/ -------------------------------------------------------------------------------- /.github/workflows/BuildValidation.yml: -------------------------------------------------------------------------------- 1 | name: PR has no warnings or errors 2 | 3 | permissions: 4 | pull-requests: write 5 | statuses: write 6 | 7 | on: 8 | issue_comment: 9 | types: [created] 10 | 11 | jobs: 12 | 13 | build-status: 14 | if: github.repository_owner == 'MicrosoftDocs' 15 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-BuildValidation.yml@workflows-prod 16 | with: 17 | PayloadJson: ${{ toJSON(github) }} 18 | secrets: 19 | AccessToken: ${{ secrets.GITHUB_TOKEN }} 20 | -------------------------------------------------------------------------------- /.github/workflows/LiveMergeCheck.yml: -------------------------------------------------------------------------------- 1 | name: PR can merge into branch 2 | 3 | permissions: 4 | pull-requests: write 5 | statuses: write 6 | contents: read 7 | 8 | on: 9 | pull_request_target: 10 | types: [opened, reopened, synchronize, edited] 11 | 12 | jobs: 13 | 14 | live-merge: 15 | if: github.repository_owner == 'MicrosoftDocs' 16 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod 17 | with: 18 | PayloadJson: ${{ toJSON(github) }} 19 | secrets: 20 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/PrFileCount.yml: -------------------------------------------------------------------------------- 1 | name: PR file count less than limit 2 | 3 | permissions: 4 | pull-requests: write 5 | statuses: write 6 | contents: read 7 | 8 | on: 9 | pull_request_target: 10 | types: [opened, reopened, synchronize, labeled, unlabeled, edited] 11 | 12 | jobs: 13 | 14 | file-count: 15 | if: github.repository_owner == 'MicrosoftDocs' 16 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod 17 | with: 18 | PayloadJson: ${{ toJSON(github) }} 19 | secrets: 20 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/ProtectedFiles.yml: -------------------------------------------------------------------------------- 1 | name: PR has no protected files 2 | 3 | permissions: 4 | pull-requests: write 5 | statuses: write 6 | contents: read 7 | 8 | on: [pull_request_target] 9 | 10 | jobs: 11 | 12 | protected-files: 13 | if: github.repository_owner == 'MicrosoftDocs' 14 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod 15 | with: 16 | PayloadJson: ${{ toJSON(github) }} 17 | secrets: 18 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/Stale.yml: -------------------------------------------------------------------------------- 1 | name: (Scheduled) Mark stale pull requests 2 | 3 | permissions: 4 | issues: write 5 | pull-requests: write 6 | 7 | on: 8 | schedule: 9 | - cron: "0 */6 * * *" 10 | workflow_dispatch: 11 | 12 | jobs: 13 | stale: 14 | if: github.repository_owner == 'MicrosoftDocs' 15 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod 16 | with: 17 | RunDebug: false 18 | RepoVisibility: ${{ github.repository_visibility }} 19 | secrets: 20 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/StaleBranch.yml: -------------------------------------------------------------------------------- 1 | name: (Scheduled) Stale branch removal 2 | 3 | permissions: 4 | contents: write 5 | pull-requests: read 6 | 7 | # This workflow is designed to be run in the days up to, and including, a "deletion day", specified by 'DeleteOnDayOfMonth' in env: in https://github.com/MicrosoftDocs/microsoft-365-docs/blob/workflows-prod/.github/workflows/Shared-StaleBranch.yml. 8 | # On the days leading up to "deletion day", the workflow will report the branches to be deleted. This lets users see which branches will be deleted. On "deletion day", those branches are deleted. 9 | # The workflow should not be configured to run after "deletion day" so that users can review the branches were deleted. 10 | # Recommendation: configure cron to run on days 1,15-31 where 1 is what's configured in 'DeleteOnDayOfMonth'. If 'DeleteOnDayOfMonth' is set to something else, update cron to run the two weeks leading up to it. 11 | 12 | on: 13 | schedule: 14 | - cron: "0 9 1,15-31 * *" 15 | 16 | workflow_dispatch: 17 | 18 | 19 | jobs: 20 | 21 | stale-branch: 22 | if: github.repository_owner == 'MicrosoftDocs' 23 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-StaleBranch.yml@workflows-prod 24 | with: 25 | PayloadJson: ${{ toJSON(github) }} 26 | RepoBranchSkipList: '[ 27 | "ExampleBranch1", 28 | "ExampleBranch2" 29 | ]' 30 | ReportOnly: false 31 | secrets: 32 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/TierManagement.yml: -------------------------------------------------------------------------------- 1 | name: Tier management 2 | 3 | permissions: 4 | pull-requests: write 5 | contents: read 6 | 7 | on: 8 | issue_comment: 9 | types: [created, edited] 10 | 11 | jobs: 12 | 13 | tier-mgmt: 14 | if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'private' 15 | uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-TierManagement.yml@workflows-prod 16 | with: 17 | PayloadJson: ${{ toJSON(github) }} 18 | EnableWriteSignOff: 1 19 | EnableReadOnlySignoff: 1 20 | secrets: 21 | AccessToken: ${{ secrets.GITHUB_TOKEN }} -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | log/ 2 | obj/ 3 | _site/ 4 | .optemp/ 5 | _themes*/ 6 | _repo.*/ 7 | 8 | .openpublishing.buildcore.ps1 -------------------------------------------------------------------------------- /.openpublishing.publish.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "docsets_to_publish": [ 3 | { 4 | "docset_name": "Managed-Desktop", 5 | "build_source_folder": "managed-desktop", 6 | "build_output_subfolder": "Managed-Desktop", 7 | "locale": "en-us", 8 | "monikers": [], 9 | "moniker_ranges": [], 10 | "open_to_public_contributors": true, 11 | "type_mapping": { 12 | "Conceptual": "Content" 13 | }, 14 | "build_entry_point": "docs", 15 | "template_folder": "_themes" 16 | } 17 | ], 18 | "notification_subscribers": [], 19 | "sync_notification_subscribers": [], 20 | "branches_to_filter": [], 21 | "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/Managed-Desktop", 22 | "git_repository_branch_open_to_public_contributors": "public", 23 | "skip_source_output_uploading": false, 24 | "need_preview_pull_request": true, 25 | "dependent_repositories": [ 26 | { 27 | "path_to_root": "_themes", 28 | "url": "https://github.com/Microsoft/templates.docs.msft", 29 | "branch": "main", 30 | "branch_mapping": {} 31 | }, 32 | { 33 | "path_to_root": "_themes.pdf", 34 | "url": "https://github.com/Microsoft/templates.docs.msft.pdf", 35 | "branch": "main", 36 | "branch_mapping": {} 37 | } 38 | ], 39 | "branch_target_mapping": { 40 | "live": [ 41 | "Publish", 42 | "Pdf" 43 | ] 44 | }, 45 | "targets": { 46 | "pdf": { 47 | "template_folder": "_themes.pdf" 48 | } 49 | }, 50 | "need_generate_pdf_url_template": true 51 | } 52 | -------------------------------------------------------------------------------- /LICENSE-CODE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | Copyright (c) Microsoft Corporation 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 5 | associated documentation files (the "Software"), to deal in the Software without restriction, 6 | including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 8 | subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all copies or substantial 11 | portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT 14 | NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 15 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 16 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 17 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Microsoft Open Source Code of Conduct 2 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 3 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. -------------------------------------------------------------------------------- /ThirdPartyNotices.md: -------------------------------------------------------------------------------- 1 | ## Legal Notices 2 | Microsoft and any contributors grant you a license to the Microsoft documentation and other content 3 | in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode), 4 | see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the 5 | [LICENSE-CODE](LICENSE-CODE) file. 6 | 7 | Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation 8 | may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. 9 | The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. 10 | Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653. 11 | 12 | Privacy information can be found at https://privacy.microsoft.com/en-us/ 13 | 14 | Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, 15 | or trademarks, whether by implication, estoppel or otherwise. -------------------------------------------------------------------------------- /managed-desktop/breadcrumb/toc.yml: -------------------------------------------------------------------------------- 1 | - name: Docs 2 | tocHref: / 3 | topicHref: / -------------------------------------------------------------------------------- /managed-desktop/deploy/add-app-with-app-control.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Add a new app with app control 3 | description: Learn how to add a new app with app control. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | audience: ITpro 10 | ms.topic: retired 11 | ms.localizationpriority: medium 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier1 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Add a new app with app control 19 | 20 | > [!NOTE] 21 | > The [app control](../prepare/app-control.md) feature is optional. You must [submit a request](../operate/support-request.md) to turn on app control. 22 | 23 | Once app control has been deployed in your environment, both you and Microsoft Managed Desktop Operations have ongoing responsibilities. For example, you might want to add a new app in the environment, or add (or remove) a trusted signer. To improve security, all apps should be code-signed before you release them to users. An app's publisher details includes information about the signer. 24 | 25 | ## Add a new app 26 | 27 | **To add a new app:** 28 | 29 | 1. Add the app to [Microsoft Intune](/mem/intune/apps/apps-win32-app-management). 30 | 1. Deploy the app to any device in the Test ring. 31 | 1. Test your app according to your standard business processes. 32 | 1. Check the Event Viewer under **Application and Services Logs\Microsoft\Windows\AppLocker**. Look for any **8003** or **8006** events. These events indicate that the app would be blocked. For more information about all App Locker events and their meanings, see [Using Event Viewer with AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker). 33 | 1. If you find any of these events, open a signer request with Microsoft Managed Desktop Operations. 34 | 35 | ## Add (or remove) a trusted signer 36 | 37 | When you open a signer request, you'll need to provide some important publisher details first. 38 | 39 | **To add (or remove) a trusted signer:** 40 | 41 | 1. [Gather publisher details](#gather-publisher-details). 42 | 1. Open a ticket with Microsoft Managed Desktop Operations to request the signer rule and include following details: 43 | - Application name 44 | - Application version 45 | - Description 46 | - Change type ("add" or "remove") 47 | - Publisher details (for example: `O=,L=,S=State,C=Country`) 48 | 49 | > [!NOTE] 50 | > To remove trust for an app, follow the same steps, but set the **Change type** to *remove*. 51 | 52 | Operations will progressively deploy policies to deployment groups following this schedule: 53 | 54 | |Deployment group|Policy type|Timing| 55 | |---|---|---| 56 | |Test|Audit|Day 0| 57 | |First|Enforced|Day 1| 58 | |Fast|Enforced|Day 2| 59 | |Broad|Enforced|Day 3| 60 | 61 | You can pause or roll back the deployment at any time during the rollout. To pause or roll back, open another support request with Microsoft Managed Desktop Operations. 62 | 63 | > [!NOTE] 64 | > If you pause the release of a signer rule, that rule must be either rolled back or completed before another rollout can start. 65 | 66 | ## Gather publisher details 67 | 68 | **To access the publisher data for an app:** 69 | 70 | 1. Find a Microsoft Managed Desktop device in the Test ring that has an Audit Mode policy applied. 71 | 1. Attempt to install the app on the device. 72 | 1. Open the Event Viewer on that device. 73 | 1. In the Event Viewer, navigate to **Application and Services Logs\Microsoft\Windows**, and then select **AppLocker**. 74 | 1. Find any **8003** or **8006** event, and then copy information from the event: 75 | - Application name 76 | - Application version 77 | - Description 78 | - Publisher details (for example: `O=, L=, S=State, C=Country`) 79 | -------------------------------------------------------------------------------- /managed-desktop/deploy/company-portal-communication.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Assign and communicate how to use the Company Portal to your users 3 | description: Info on deploying the Company Portal to the tenant 4 | keywords: Microsoft Managed Desktop, Microsoft 365, Company Portal 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/17/2023 15 | --- 16 | 17 | # Configure the Intune Company Portal app 18 | 19 | Following your enrollment in Microsoft Managed Desktop, the service will add the Intune Company Portal, if not already, to your tenant and assign it to each of the service’s [deployment rings](../operate/updates.md#microsoft-managed-desktop-deployment-rings). 20 | 21 | IT administrators can customize Company Portal for their organization. Customizations includes brand imaging, adding in local support contacts, and more. For more information, see [How to Configure the Microsoft Intune Company Portal app](/mem/intune/user-help/sign-in-to-the-company-portal). 22 | 23 | ## Communicate change to your users 24 | 25 | As the IT administrator for your organization, it's important to let your users know how to use Company Portal in your organization. Microsoft Managed Desktop recommends: 26 | 27 | - Steps on installing applications from the Company Portal. For more information, see [Install and share apps on your device](/mem/intune/user-help/sign-in-to-the-company-portal#sign-in-to-app). 28 | - How to send requests to IT administrators for applications that aren't currently available. For more information, see [Request an app for work or school](/mem/intune/user-help/sign-in-to-the-company-portal#sign-in-with-school-or-work-account). 29 | -------------------------------------------------------------------------------- /managed-desktop/deploy/deploy-apps.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Add and deploy apps to devices 3 | description: Information for adding and deploying apps to Microsoft Managed Desktop devices. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation, apps, line-of-business apps, LOB apps 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/17/2023 15 | --- 16 | 17 | # Add and deploy apps to devices 18 | 19 | Part of onboarding to Microsoft Managed Desktop includes adding and deploying apps to your user's devices. Use the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to add and deploy your apps. 20 | 21 | > [!TIP] 22 | > If you already have [co-management for Windows devices](/mem/configmgr/comanage/overview) turned on and want to combine the benefits of Microsoft Intune for all workload management, you can configure devices and deploy apps using [Autopilot into co-management](../prepare/autopilot-co-management.md). Client applications will continue to be managed by Configuration Manager. 23 | 24 | The overall process looks like this: 25 | 26 | 1. [Add apps to the Microsoft Intune admin center](#step-1-add-apps-to-the-microsoft-intune-admin-center). 27 | 2. [Assign apps to your users](#step-2-assign-and-deploy-apps-to-your-users). 28 | 29 | > [!TIP] 30 | > If you'd like to restrict the execution of code on client devices, you must turn on [app control](../prepare/app-control.md). To turn on app control, you must [submit a request](../operate/support-request.md). 31 | 32 | ## Step 1: Add apps to the Microsoft Intune admin center 33 | 34 | Before you can configure, assign, protect, or monitor apps, you must [add the apps to Microsoft Intune](/mem/intune/apps/apps-add). 35 | 36 | ## Step 2: Assign and deploy apps to your users 37 | 38 | After you've added apps to Microsoft Intune, you must [assign](/mem/intune/apps/apps-deploy#assign-an-app) and [deploy apps to devices](/mem/intune/apps/apps-windows-10-app-deploy). 39 | 40 | After assigning and deploying apps to devices, you can [monitor app information and assignments with Microsoft Intune](/mem/intune/apps/apps-monitor). 41 | 42 | 47 | -------------------------------------------------------------------------------- /managed-desktop/deploy/device-location.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Windows 10 location service 3 | description: Describes how to have Windows location services turned on for your devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | manager: aaroncz 15 | ms.topic: retired 16 | audience: Admin 17 | ms.date: 12/06/2022 18 | --- 19 | 20 | # Windows 10 location service 21 | 22 | Devices in Microsoft Managed Desktop are registered by using Windows Autopilot. This process lets us manage them with Microsoft Entra ID and Microsoft Intune. 23 | 24 | By default, the Windows 10 location service is disabled when a device is turned on for the first time, unless, this feature is enabled in the Privacy settings during the "out of box experience." These settings are hidden during Autopilot enrollment in Microsoft Managed Desktop. For more information about how Autopilot is set up, see [First-run experience with Autopilot and the Enrollment Status Page](../deploy/esp-first-run.md). 25 | 26 | For this reason, Microsoft Managed Desktop devices can't obtain their device location, and limits the functionality of several Windows features, such as time zones. For more information about the Windows 10 location service, see [Windows 10 location service and privacy](https://support.microsoft.com/windows/windows-10-location-service-and-privacy-3a8eee0a-5b0b-dc07-eede-2a5ca1c49088). 27 | 28 | You don't have to use the location service in order to participate in Microsoft Managed Desktop. The user experience will be restricted. For example, devices won't be able to automatically determine the time zone they're in when your users work in a different time zone. 29 | 30 | ## Enable the location service 31 | 32 | You can either: 33 | 34 | - Opt in to use the location service when you enroll devices into the Microsoft Managed Desktop service, or 35 | - You can turn the service on or off after enrollment. 36 | 37 | ### Opt in during enrollment 38 | 39 | You can have the Microsoft Managed Desktop service enable the location service. During the enrollment sequence, you'll be asked to select whether you want to allow the Windows 10 location service to be enabled on devices. 40 | 41 | ### Control the location service after enrollment 42 | 43 | You can have the location service turned on (or off), at any time, by submitting a [support request](../operate/support-request.md) through the [admin center](../prepare/access-admin-center.md). 44 | 45 | ## How Microsoft Managed Desktop configures the Windows 10 location service 46 | 47 | If you opt in to using the location service, we use the minimum settings necessary without affecting users' privacy. For more information, see [Windows 10 location service and privacy](https://support.microsoft.com/windows/windows-10-location-service-and-privacy-3a8eee0a-5b0b-dc07-eede-2a5ca1c49088). 48 | 49 | Microsoft Managed Desktop enables the **Location privacy** setting in **Windows settings** to **Allow access to location on this device**. The user interface looks like this: 50 | 51 | :::image type="content" source="../media/MMD-location-services-UI.png" alt-text="Location settings in Windows settings."::: 52 | 53 | > [!NOTE] 54 | > If you opt in to using the location service, this applies only to the Windows operating system itself. Apps are not allowed to use location services. Each user can choose whether to allow apps to access their location. 55 | -------------------------------------------------------------------------------- /managed-desktop/deploy/downloads/device-registration-sample-partner.csv: -------------------------------------------------------------------------------- 1 | Manufacturer,Model,Serial Number 2 | SpiralOrbit,ContosoABC,000000000000 3 | -------------------------------------------------------------------------------- /managed-desktop/deploy/downloads/device-registration-sample-self.csv: -------------------------------------------------------------------------------- 1 | Manufacturer,Model,Serial Number,Hardware Hash 2 | Microsoft Corporation,Surface Laptop,016520771357,T0EeBAEAHAAAAAoAAQBjRQAACgAgAWNFTw76I3gCCQMCABAACQABAAIABAABAAAABQAZAAgAAAAAAAAACAAAAAAAAAACAAEAAwMAEQBHZW51aW5lSW50ZWwABAA0AEludGVsKFIpIENvcmUoVE0pIGk1LTczMDBVIENQVSBAIDIuNjBHSHoAAAAAAAAAAAYAEAAAAQAAAAAAABEAAAEHAEUAMzMzM180QTMwXzRBMjFfNjExNV8wMDI1XzM4NTlfMDAwMF8wMDAxLnxTQU1TVU5HIEtVUzAzMDIwMk0tQjAwMHwIABoACQAAALyDhexPuwgAAABQAEMASQAAAAgAGgAKAAAAvIOF7E+8CAAAAEIAVABIAAAACQAQAB0BvgDQCOAFAAAAgBsACAAdABMACgAJAAkCAMUKDQBQAFRQTS1WZXJzaW9uOjIuMCAtTGV2ZWw6MC1SZXZpc2lvbjoxLjE2LVZlbmRvcklEOidOVEMgJy1GaXJtd2FyZTo2NTUzOS42NTUzNgAZAAQBtp4c1IQUNQ6Wiaih3jV16sI/9xdNPxB/iAT1+02gHsHpieOUbnlL39zVxDIgPDwhRM1Fjgh2d8KJu2AM+SiHPXBbuWAP5/NwJlEyf3Te5/5yChEedFWdfgG1/13oK0AmEDSdfdJfDekpeloYSgZr73vsoClJ8DR67BnmyzSKnIY4I8lqDBXrcETeZwqAoqQbv1IP9MB/qersMJjMyuDrnkixiPpBgOGE8r6Oip+KMm3MTVbawqCgMhfl/xfMMR+l+krrAR75msvN9Jzf3ixXZu4uaHJYIobDIufyJYn29BgPllOtVfrK44IogwUeP1H09CT8TH1T9TPBi9CKh8zxjwsALgAAAAAAAQAgAAAAc3sivcVFJ1E85y+Gixfq87gUTmg7UlAfCesRyIuOLtgMABQANG6FKrfG3VAA6wI+Fp4TLQ4AEQAwMTY1MjA3NzEzNTcADwAaAE1pY3Jvc29mdCBDb3Jwb3JhdGlvbgAQABoATWljcm9zb2Z0IENvcnBvcmF0aW9uABEAEwBTdXJmYWNlIExhcHRvcAASABMAU3VyZmFjZV9MYXB0b3AAEwAMAFN1cmZhY2UAFwAnAEQ6RiBCOjBDODUwMkIxIEY6VSBDOjA5IFA6QzEgUzowMSAAFAAaAE1pY3Jvc29mdCBDb3Jwb3JhdGlvbgAVABMAU3VyZmFjZSBMYXB0b3AAFgAaAFNNQklPU19TVFJJTkdfSU5ERVhfMAAYABIAMzg2MzQ3NTI5Nzc4NwAaABMAW1JTMl1YMjEtMzYzMTEAHABGADMzMzNfNEEzMF80QTIxXzYxMTVfMDAyNV8zODU5XzAwMDBfMDAwMS58U0FNU1VORyBLVVMwMzAyMDJNLUIwMDB8AENTJADoMJEDquTVL+c3M1mlkr6E6sftOEuJD9f72qWBKCIr -------------------------------------------------------------------------------- /managed-desktop/deploy/enable-user-support-features.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Set up user support features 3 | description: How to set up elevation and escalation features for user support 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Set up user support features 18 | 19 | Whether you're providing your own user support or working with a partner to provide support, use the following steps to allow the support provider to request elevated device access, or escalate issues to Microsoft Managed Desktop, if needed. 20 | 21 | 1. If they don't already have one, set up an account in the same Microsoft Entra domain as the Microsoft Managed Desktop devices. 22 | 1. Add the user accounts to the **Modern Workplace Roles - Support Partner** security group in the Microsoft Entra ID. 23 | 24 | To submit an elevation or escalation request, see [Get end user support](../operate/end-user-support.md#submit-an-elevation-or-escalation-request). 25 | 26 | 27 | -------------------------------------------------------------------------------- /managed-desktop/deploy/get-started-devices.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get your users ready to use devices 3 | description: Information to help you get your users ready to use devices 4 | keywords: Microsoft Managed Desktop, device, get started, Microsoft 365 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.collection: 14 | - M365-modern-desktop 15 | - tier2 16 | ms.date: 12/06/2022 17 | --- 18 | 19 | # Get your users ready to use devices 20 | 21 | Once a Microsoft Managed Desktop device is in the hands of your user, getting started is fast and easy. Devices come pre-configured with the current version of Windows and configurations, and apps are installed from the cloud as the user completes setup. 22 | 23 | To make getting started even easier, we offer a guide that walks your users through the initial setup. The guide provides helpful resources for both the setup, and for use later, if needed. You can customize the following guide to include certain details specific to your organization. You then distribute the guide directly to your users along with their device. 24 | 25 | ## Prepare the guide 26 | 27 | **To prepare the guide:** 28 | 29 | 1. Download the [Microsoft Managed Desktop - Get started with your device](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/managed-desktop/get-started/downloads/microsoft-managed-desktop-user-guide-no-help-custom-v2.pdf) guide. 30 | 2. Use any app capable of opening PDF files to enter details relevant to your organization: 31 | - The name of the network your users should connect to in order to continue setup (Step 3 in the guide). 32 | - The name of your organization's Azure tenant account (Step 4 in the guide). 33 | - Contact information for your organization's internal IT support (top of second page). 34 | 3. Save the edited PDF, and then distribute to your users. 35 | 36 | ## Ready-to-use guide 37 | 38 | We also provide a more generic version of the guide for those organizations that don't need to customize it. 39 | 40 | Just download the [Microsoft Managed Desktop - Get started with your device (ready to use)](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/managed-desktop/get-started/downloads/microsoft-managed-desktop-user-guide-no-help-v2.pdf) guide. 41 | 42 | At this point, you're ready to move on to [deploying apps](../deploy/deploy-apps.md). 43 | -------------------------------------------------------------------------------- /managed-desktop/deploy/initial-app-deployment-with-app-control.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Initial app deployment with app control 3 | description: This article describes how to enable app control 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | audience: ITpro 10 | ms.topic: retired 11 | ms.localizationpriority: medium 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier2 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Initial app deployment with app control 19 | 20 | > [!NOTE] 21 | > The app control feature is optional. You must [submit a request](../operate/support-request.md) to turn on [app control](../prepare/app-control.md). 22 | 23 | Before you enable [app control](../prepare/app-control.md) in your environment, be sure to review and understand [how Microsoft Managed Desktop implements it](../prepare/app-control.md) and your roles and responsibilities. 24 | 25 | Microsoft Managed Desktop simplifies app control by taking care of the more challenging aspects of getting a secure base policy. 26 | 27 | Your IT Administrators must test your apps in the Test ring, and review the logs for any warnings, or errors. If an app needs an exemption, you can file a request, or Microsoft Managed Desktop Operation might, depending on who detects it first. 28 | 29 | ## Initial deployment of apps 30 | 31 | When you first deploy apps, Microsoft Managed Desktop needs to assess their current behavior. The exact steps for enabling app control depend on whether devices have already been deployed in your environment. 32 | 33 | ### Devices not yet in use 34 | 35 | If you don't yet have any devices in use, open a support ticket with Microsoft Managed Desktop Operations to request to turn on app control. Operations will progressively deploy policies to deployment groups following this schedule: 36 | 37 | | Deployment group | Policy type | Timing | 38 | | ------ | ------ | ------ | 39 | | Test | Audit | Day 0 | 40 | | First | Enforced | Day 1 | 41 | | Fast | Enforced | Day 2 | 42 | | Broad | Enforced | Day 3 | 43 | 44 | You can always open another support request to pause or roll back part of this deployment at any time during the rollout. 45 | 46 | ### Devices already in use 47 | 48 | If already have at least one Microsoft Managed Desktop device in use, use the following steps: 49 | 50 | 1. Open a service ticket with Microsoft Managed Desktop Operations requesting that we turn on app control. Operations will deploy an [Audit policy](../prepare/app-control.md#audit-policy) to all devices. 51 | 2. [Test your applications](../deploy/add-app-with-app-control.md#add-a-new-app) to see if any would be blocked. If an application would be blocked, open a [signer request](../deploy/add-app-with-app-control.md#add-or-remove-a-trusted-signer). 52 | 3. Once you've completed your testing (whatever the results), notify Operations, noting any pending signer requests. Operations will progressively deploy policies to deployment groups following this schedule: 53 | 54 | | Deployment group | Policy type | Timing | 55 | | ------ | ------ | ------ | 56 | | Test | Audit | Day 0 | 57 | | First | Enforced | Day 1 | 58 | | Fast | Enforced | Paused, rollout on request | 59 | | Broad | Enforced | Paused, rollout on request | 60 | 61 | You can always open another [support request](../operate/support-request.md) to pause or roll back part of this deployment at any time during the rollout. 62 | -------------------------------------------------------------------------------- /managed-desktop/deploy/localization.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Localize the user experience 3 | description: How to localize devices for users 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | manager: aaroncz 15 | ms.topic: retired 16 | audience: Admin 17 | ms.date: 08/19/2022 18 | --- 19 | 20 | # Localize the user experience 21 | 22 | Users of Microsoft Managed Desktop devices can select the language of their choice either during the setup process (the "out of box experience"), or after completing the setup process. 23 | 24 | ## During setup (the "out of box experience") 25 | 26 | During setup, users can select the language of their choice. This selection affects these attributes: 27 | 28 | | Attribute | Description | 29 | | ------ | ------ | 30 | | Windows 10 language features |
  • Display language
  • Keyboard language
  • Language-related Features on Demand
      • | 31 | | Microsoft 365 Apps for Enterprise language features |
      • Display language
      • Proofing and authoring tools
      | 32 | 33 | > [!NOTE] 34 | > Users can only get language-related Features On Demand by selecting the language during the setup process. 35 | 36 | ## After completing setup 37 | 38 | Users can select the language of their choice for Windows 10, and Microsoft 365 Apps for enterprise anytime after the setup process is complete. Specifically: 39 | 40 | | Feature | Description | 41 | | ------ | ------ | 42 | | Windows 10 language features |
      • Display language
      • Keyboard language
          • | 43 | | Microsoft 365 Apps for Enterprise language features |
          • Display language
          • Proofing and authoring tools
          | 44 | 45 | ## Install more languages 46 | 47 | > [!NOTE] 48 | > In April 2022, Microsoft Managed Desktop allows standard users to install language accessory packs directly from their Microsoft Office apps by deploying this [policy](/deployoffice/overview-deploying-languages-microsoft-365-apps#allow-users-who-arent-admins-to-install-additional-languages). Users can now add languages directly by using the language settings found in any Office app by navigating to **Options > Language > Add a Language**.

          Previously, Microsoft Office required users to be an admin and by adding devices to the custom Modern Workplace-Office-Language_Packs group that allowed users to add languages to Microsoft Office. This group is no longer needed and has been removed. 49 | 50 | ## Supported languages 51 | 52 | For new devices, your manufacturer must provide device images that include the languages you require. If your manufacturer's image includes languages that aren't included in the supported languages list, the device is still supported by the service. 53 | 54 | If you're reusing existing devices, you might need to work with your Microsoft account representative to obtain appropriate images. For more information, see [Device images](../prepare/device-images.md). 55 | 56 | The [universal image](../prepare/universal-image.md) provided by Microsoft Managed Desktop includes the supported languages and for Windows 10. For more information, see [language support](../prepare/universal-image.md#language-support). 57 | 58 | > [!NOTE] 59 | > Microsoft 365 Apps for enterprise might support a slightly different list. 60 | 61 | If your users need a language other than the ones listed in [language support](../prepare/universal-image.md#language-support), submit a [support request](../operate/support-request.md) by using the [admin center](../prepare/access-admin-center.md). 62 | 63 | ## Languages for support and operations 64 | 65 | ### Admin support and operations 66 | 67 | Microsoft Managed Desktop provides admin support only in English. This support includes the admin center and all communications with Microsoft Managed Desktop Operations. You should assume that all admin-related interactions and interfaces will be in English, unless specified otherwise. 68 | -------------------------------------------------------------------------------- /managed-desktop/deploy/validate-device.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Validate new devices 3 | description: Before ordering devices, obtain one of each model and test it 4 | ms.service: m365-md 5 | author: tiaraquan 6 | f1.keywords: 7 | - NOCSH 8 | ms.author: tiaraquan 9 | ms.localizationpriority: medium 10 | ms.collection: 11 | - M365-modern-desktop 12 | - tier2 13 | manager: aaroncz 14 | ms.topic: retired 15 | audience: Admin 16 | ms.date: 12/06/2022 17 | --- 18 | 19 | # Validate new devices 20 | 21 | Whether you're new to Microsoft Managed Desktop or a long-time subscriber, it's recommended to test an example of any device model you're enrolling in the service for the first time. This is true whether you're ordering brand-new devices or reusing existing ones including devices recommended for Microsoft Managed Desktop. 22 | 23 | ## View devices 24 | 25 | **To view devices recommended for use with the service:** 26 | 27 | 1. Go to [Shop Windows Pro business devices](https://www.microsoft.com/windowsforbusiness/view-all-devices) site. 28 | 1. In the **Filter by** section in the left pane, expand the **Features** filter. 29 | 1. Select **Microsoft Managed Desktop**. 30 | 31 | Validating devices ensures that they'll deliver the user experience you expect. 32 | 33 | ## Validate devices 34 | 35 | **To validate devices:** 36 | 37 | 1. Take one or more examples of new models through the steps in the following articles: 38 | - [Prepare devices](../prepare/prepare-devices-for-registration.md) 39 | - [Localize the user experience](../deploy/localization.md) 40 | - [First-run experience with Autopilot and the Enrollment Status Page](../deploy/esp-first-run.md) 41 | - [Windows 10 location service](../deploy/device-location.md) 42 | - [Get started with app control](../deploy/initial-app-deployment-with-app-control.md) 43 | - [Deploy apps to devices](../deploy/deploy-apps.md) 44 | 2. Verify that the following experiences work without any failures, errors, or prompts: 45 | - The Autopilot experience after joining the network and the user signs in. 46 | - If you've enabled the [Enrollment Status Page](../deploy/esp-first-run.md), it works. 47 | - User can sign into to Office applications. 48 | - OneDrive folders sync, including Windows Desktop, Documents, and Pictures. 49 | - Device receives updates, policies, and line-of-business applications. 50 | 3. Review the reported devices and hardware requirements in the [Device inventory report](../operate/device-inventory-report.md) to check that they match what you expect. 51 | 52 | If any problems occur, you can [request support](../operate/support-request.md) in the admin center. 53 | 54 | If everything goes well, you're ready to order the rest of the validated devices you need for your deployment. 55 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-access-app-context.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get access to API with application context 3 | description: How to create an application to get programmatic access to Microsoft Managed Desktop API 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Get access to API with application context 18 | 19 | This article describes how to create an application to get programmatic access to Microsoft Managed Desktop API with their own identity and not on behalf of a user. 20 | 21 | The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 client credentials flow](/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow). 22 | 23 | **To configure a service and get an access token:** 24 | 25 | 1. Create and register [a Microsoft Entra application](/graph/auth-register-app-v2). 26 | 1. Configure permissions for Microsoft Managed Desktop on your app. 27 | 1. Get administrator consent. 28 | 1. Get an access token using this application. 29 | 1. Use the token to access Microsoft Managed Desktop API. 30 | 31 | ## Create an app 32 | 33 | To authenticate with the Microsoft identity platform endpoint, you must first register your app at the [Azure app registration portal](https://go.microsoft.com/fwlink/?linkid=2083908). 34 | 35 | For a service that will call Microsoft Managed Desktop API under its own identity, you must register your app for the Web platform and copy the following values: 36 | 37 | - The application ID assigned by the Azure app registration portal. 38 | - A client (application) secret, either a password or a public/private key pair (certificate). 39 | - A redirect URL for your service to receive token responses. 40 | 41 | For steps on how to configure an app using the Azure app registration portal, see [Register your app](/graph/auth-register-app-v2). 42 | 43 | With the OAuth 2.0 client credentials grant flow, your app authenticates directly at the Microsoft identity platform endpoint using the application ID assigned by Microsoft Entra ID and the client secret that you create using the portal. 44 | 45 | ## Configure permissions 46 | 47 | **To configure application permissions for your app in the [Azure app registrations portal](https://go.microsoft.com/fwlink/?linkid=2083908):** 48 | 49 | 1. Under **your** application's API permissions page, choose **Add a permission \> APIs my organization uses \>** type **Modern Workplace Customer APIs \>** select **Modern Workplace Customer APIs**. 50 | 2. Select **Application permissions \> MmdSupport.ReadWrite**, and then select **Add permissions**. 51 | 52 | ![Request API permissions page](../media/api/request-api-perms.png) 53 | 54 | ## Get administrator consent 55 | 56 | You will need an administrator to grant admin consent for your application. 57 | 58 | ## Get an access token 59 | 60 | For more information on Microsoft Entra tokens, see the [Microsoft Entra tutorial](/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds). 61 | 62 | In the OAuth 2.0 client credentials grant flow, you use the application ID and client secret values that you saved when you registered your app to request an access token directly from the Microsoft identity platform /token endpoint. 63 | 64 | ### Token request 65 | 66 | You send an HTTP POST request to the /token identity platform endpoint to acquire an access token: 67 | 68 | ```http 69 | https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token 70 | ``` 71 | 72 | | Parameter | Condition | Description | 73 | | --- | --- | --- | 74 | | tenantId | Required | The tenant’s Microsoft Entra ID. | 75 | | client_id | Required | The application ID assigned when you registered your app. | 76 | | Scope | Required | Must be `https://mwaas-services-customerapi-prod.azurewebsites.net/.default` | 77 | | client_secret | Required | The client secret that you generated for your app in the app registration portal.| 78 | | grant_type | Required | Must be `client_credentials`. | 79 | 80 | ### Token response 81 | 82 | A successful JSON response looks like this: 83 | 84 | ```json 85 | { 86 | "token_type": "Bearer", 87 | "expires_in": "3599", 88 | "access_token": "access_token" 89 | } 90 | ``` 91 | 92 | | Parameter | Description | 93 | | --- | --- | 94 | | access_token | The requested access token. Your app can use this token in calls to the API. | 95 | | token_type | Must be bearer. | 96 | | expires_in | How long the access token is valid (in seconds. | 97 | 98 | #### Use the token to access Microsoft Managed Desktop API 99 | 100 | 1. Choose the API you want to use. 101 | 2. Set the authorization header in the http request you send to "**Bearer {token}**" (Bearer is the authorization scheme). 102 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-add-notes.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Add notes to a ticket 3 | description: Describes how to add notes to specific ticket. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 10/25/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Add notes to a ticket 18 | 19 | ## API description 20 | 21 | Adds notes to specific ticket. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | POST https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId')/addNote 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | | Property | Required | Type | Description | 48 | | --- | --- | --- | --- | 49 | | text | True | String | Note to add to ticket for support engineer. | 50 | 51 | ## Response 52 | 53 | If successful, this method returns a 204 response code and there is no content in response body. 54 | 55 | ## Example 56 | 57 | ### Example request 58 | 59 | The following is an HTTP example of a request to add notes to a specific ticket and a second request to retrieve all ticket notes. 60 | 61 | The following is an example of the HTTP request: 62 | 63 | ```http 64 | POST https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId')/addNote 65 | ``` 66 | 67 | The following is an example of the JSON request: 68 | 69 | ```json 70 | {     71 |     "text": "Note to add to ticket" 72 | } 73 | ``` 74 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-close-elevation-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Close an elevation request 3 | description: Describes how to close elevation requests 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Close an elevation request 18 | 19 | ## API description 20 | 21 | Close an elevation request. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | PATCH https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/elevationRequests/{elevationRequestId} 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | | Property | Type | Description | 48 | | --- | --- | --- | 49 | | ActionsTaken | String | Actions taken to resolve case. | 50 | 51 | ## Response 52 | 53 | If successful, this method returns a 204 No Content response code. 54 | 55 | ## Example 56 | 57 | ### Example request 58 | 59 | The following is an example of the HTTP request. 60 | 61 | ```http 62 | PATCH https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/elevationRequests/{elevationRequestId} 63 | ``` 64 | 65 | The following is an example of the JSON request. 66 | 67 | ```json 68 | { 69 |     "ActionsTaken" : "Actions taken to resolve case." 70 | } 71 | ``` 72 | 73 | ### Example response 74 | 75 | The following is an example of a successful response. 76 | 77 | ```json 78 | 204 No Content 79 | ``` 80 | 81 | ### Failed responses 82 | 83 | The following are examples of failed responses. 84 | 85 | #### Example one 86 | 87 | The following is an example of a failed JSON response. 88 | 89 | ```json 90 | { 91 |     "error": { 92 |         "code": "400", 93 |         "message": "This elevation request was already closed." 94 |     } 95 | } 96 | ``` 97 | 98 | #### Example two 99 | 100 | The following is an example of a failed JSON response. 101 | 102 | ```json 103 | { 104 |     "error": { 105 |         "code": "404", 106 |         "message": "This elevation request does not exist." 107 |     } 108 | } 109 | ``` 110 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-create-elevation-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Create an elevation request 3 | description: Describes how to create an elevation request for a specific device 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Create an elevation request 18 | 19 | ## API description 20 | 21 | Create an elevation request for a specific device. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | POST https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/elevationRequests 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | | Property | Type | Description | 48 | | --- | --- | --- | 49 | | partnerTicketId | String | Ticket ID of support ticket linked to elevation request. | 50 | | deviceName | String | Device name. | 51 | | title | String | Title. | 52 | | category | String | Request category. | 53 | | subcategory | String | Request subcategory. | 54 | | planOfAction | String | Plan of action to resolve case. | 55 | 56 | ## Response 57 | 58 | If successful, this method returns a 201 Created response code and a list of devices in the response body. 59 | 60 | ## Example 61 | 62 | ### Example request 63 | 64 | The following is an example of the HTTP request. 65 | 66 | ```http 67 | POST https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/elevationRequests 68 | ``` 69 | 70 | The following is an example of the JSON request. 71 | 72 | ```json 73 | { 74 |     "PartnerTicketId": "Support Ticket Id", 75 |     "DeviceName": "DeviceName", 76 |     "Title": "Elevation request title", 77 |     "Category": "Office", 78 |     "Subcategory": "Excel", 79 |     "PlanOfAction": "Plan of action using elevation." 80 | } 81 | ``` 82 | 83 | ### Example response 84 | 85 | The following is an example of the JSON response. 86 | 87 | ```json 88 | { 89 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#ElevationRequests/$entity", 90 |     "id": "Elevation Request Id", 91 |     "tenantId": "Tenant Id", 92 |     "partnerId": "Tenant Id", 93 |     "requestingAgentUpn": "user UPN email", 94 |     "partnerTicketId": "Support Ticket Id", 95 |     "deviceName": "DeviceName", 96 |     "title": "Elevation request title", 97 |     "category": "Office", 98 |     "subcategory": "Excel", 99 |     "planOfAction": "Plan of action using elevation.", 100 |     "actionsTaken": "", 101 |     "closingAgentUpn": "", 102 |     "requestCreationTime": "2021-12-14T14:06:25.0338102Z", 103 |     "requestClosureTime": null, 104 |     "requestRenewTime": null, 105 |     "isSuccessfulRequest": true, 106 |     "viewerUpns": [], 107 |     "passwordLastUpdatedTime": "2021-03-16T15:10:36.2066667Z", 108 |     "isDeleted": false, 109 |     "ttl": 7776000, 110 |     "eTag": null 111 | } 112 | ``` 113 | 114 | ### Failed responses 115 | 116 | The following are examples of failed responses. 117 | 118 | #### Example one 119 | 120 | The following is an example of a failed JSON response. 121 | 122 | ```json 123 | { 124 |     "error": { 125 |         "code": "403", 126 |         "message": "This device has too many open elevation requests." 127 |     } 128 | } 129 | ``` 130 | 131 | #### Example two 132 | 133 | The following is an example of a failed JSON response. 134 | 135 | ```json 136 | { 137 |     "error": { 138 |         "code": "404", 139 |         "message": "This device does not exist." 140 |     } 141 | } 142 | ``` 143 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-devices.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Devices 3 | description: Information about devices registered and managed by Microsoft Managed Desktop. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # API Schema 18 | 19 | ## Devices 20 | 21 | Devices registered and managed by Microsoft Managed Desktop. 22 | 23 | ### Methods 24 | 25 | | Method | Return Type | Description | 26 | | --- | --- | --- | 27 | | Get device | Device | Get a single device object | 28 | | List devices | Device collection | List device collection | 29 | 30 | ### Properties 31 | 32 | | Property | Type | Description | 33 | | --- | --- | --- | 34 | | name | String | Name of the device. | 35 | | intuneId | String | Intune identifier for the device. | 36 | | manufacturer | String | Manufacturer of the device. | 37 | | model | String | Model of the device. | 38 | | serialNumber | String | Serial number of the device. | 39 | | globalDeviceId | String | Unique identifier of the device. | 40 | | enrolledIntoIntuneDateTimeUtc | DateTimeOffset | Enrollment time of the device. | 41 | | tenantId | Guid | The tenant’s Microsoft Entra ID. | 42 | | assignedUser | String | User assigned to the device. | 43 | | userUpn | String | Username of the assigned user. | 44 | | userEmail | String | Email address of the assigned user. | 45 | | complianceState | String | Compliance state of the device. | 46 | | osVersion | String | OS version. | 47 | | primaryUpdateRing | String | Primary update ring of the device. Possible values are: `Test`, `First`, `Fast`, `Broad`. | 48 | | lastIntuneSyncDateTimeUtc | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. | 49 | | ageInMonths | Single | Age of device since enrollment. | 50 | | planType | String | | 51 | | persona | String | Device profile. Possible values are: `Standard`, `SensitiveData`, `PowerUser`, `Kiosk`, `Starter`. | 52 | | aadDeviceId | Guid | The device’s Microsoft Entra ID. | 53 | | managementAgent | String | Management channel of the device. | 54 | | operatingSystemEdition | String | Operating system edition. | 55 | | profileAssignmentStatus | String | Status of profile assignment. | 56 | | groups | group collection | List of groups device is assigned to. | 57 | | configurations | configuration collection | List of configuration policies assigned to device. | 58 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-elevation-requests.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Elevation requests 3 | description: Information about the methods and properties of elevation requests 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Elevation Requests 18 | 19 | ## Methods 20 | 21 | | Method | Return Type | Description | 22 | | --- | --- | --- | 23 | | Get elevation request| Elevation request | Get details of an elevation request. | 24 | | List elevation requests | Collection of elevation requests | List all elevation requests. | 25 | | Create elevation request | Elevation request | Creates a new elevation request.| 26 | | Close elevation request | Elevation request | Closes elevation request. | 27 | 28 | ## Properties 29 | 30 | ### ElevationRequest 31 | 32 | | Property | Type | Description | 33 | | --- | --- | --- | 34 | | ID | Guid | Elevation request ID. | 35 | | requestingAgentUpn | String | Upn of user requesting elevation. | 36 | | partnerTicketId | String | Ticket ID of support ticket linked to elevation request. | 37 | | deviceName | String | Device name.| 38 | | title | String | Title. | 39 | | category | String | Request category. | 40 | | subcategory | String | Request subcategory. | 41 | | planOfAction | String | Plan of action to resolve case. | 42 | | actionsTaken | String | Actions taken to resolve case. | 43 | | closingAgentUpn | String | Upn of user closing elevation request. | 44 | | requestCreationTime | DateTimeOffset | Request creation time. | 45 | | requestClosureTime | DateTimeOffset | Request closure time. | 46 | | viewerUpns | Collection | List of user Upns that have viewed password. | 47 | | passwordLastUpdatedTime | DateTimeOffset | Last time password was updated on device. | 48 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-get-elevation-request-details.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get elevation request details 3 | description: Describes how to retrieve details of any open elevation request for a specific device. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Get elevation request details 18 | 19 | ## API description 20 | 21 | Retrieves details of any open elevation request for a specific device. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | GET https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/devices/{deviceName}/elevationDetails 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | Don't supply a request body for this method. 48 | 49 | ## Response 50 | 51 | If successful, this method returns a 200 OK response code and user details in the response body. 52 | 53 | ## Example 54 | 55 | ### Example request 56 | 57 | The following is an example of the HTTP request. 58 | 59 | ```http 60 | GET https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/devices/MMD-03690457680/elevationDetails 61 | ``` 62 | 63 | ### Example response 64 | 65 | The following is an example of the JSON response. 66 | 67 | ```json 68 | { 69 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#Microsoft.ManagedDesktop.DeviceElevationDetail", 70 |     "tenantId": "Tenant Id", 71 |     "deviceName": "MMD-03690457680", 72 |     "openedElevationRequestId": "Elevation Request Id", 73 |     "aadDeviceId": "Azure AD device Id", 74 |     "accountUpn": "accountUpn", 75 |     "password": "password", 76 |     "passwordLastUpdated": "2021-03-16T15:10:36.2066667Z", 77 |     "status": "PasswordSucceeded", 78 |     "isPasswordChanged": false, 79 |     "viewedBy": [ 80 |         "System" 81 |     ] 82 | } 83 | ``` 84 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-get-ticket-id.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get ticket by ID 3 | description: Retrieves specific ticket by its ID. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 10/25/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Get ticket by ID 18 | 19 | ## API description 20 | 21 | Retrieves specific ticket by its ID. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | GET https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId') 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | Don't supply a request body for this method. 48 | 49 | ## Response 50 | 51 | If successful, this method returns a 200 OK response code and user details in the response body. 52 | 53 | ## Example 54 | 55 | ### Example request 56 | 57 | The following is an example of the HTTP request. 58 | 59 | ```http 60 | GET https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId') 61 | ``` 62 | 63 | ### Example response 64 | 65 | The following is an example of the JSON response. 66 | 67 | ```json 68 | { 69 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#Tickets/$entity", 70 |     "title": "Title", 71 |     "description": "Description", 72 |     "isPartner": true, 73 |     "type": "Incident", 74 |     "category": "Devices", 75 |     "subcategory": "Configuration/Policy", 76 |     "compromiseIndicator": null, 77 |     "usersOrDevicesImpacted": 100, 78 |     "relatedAlerts": null, 79 |     "businessImpact": "Business Impact", 80 |     "issueFirstNoticed": "2021-10-06T07:00:00Z", 81 |     "issueReproduced": true, 82 |     "endUserSupportEngaged": true, 83 |     "troubleshootingSteps": "Describe any performed remediation steps.", 84 |     "nextActionOwner": "Microsoft", 85 |     "nextActionTime": null, 86 |     "reproSteps": null, 87 |     "id": "MMD-1465058-R5V8P", 88 |     "severity": 2, 89 |     "state": "active", 90 |     "createdDateTime": "2021-12-14T04:28:18Z", 91 |     "resolvedDateTime": null, 92 |     "contact": { 93 |         "id": "Unique Id", 94 |         "givenName": "John", 95 |         "surname": "Doe", 96 |         "email": "jd@contoso.com", 97 |         "phoneNumber": "phone number", 98 |         "preferredLanguageId": "" 99 |     }, 100 |     "emails": [], 101 |     "attachments": [], 102 |     "notes": [] 103 | } 104 | ``` 105 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-get-ticket-notes.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get ticket notes 3 | description: Retrieves all ticket notes created by customer for a specific ticket. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 10/25/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Get ticket notes 18 | 19 | ## API description 20 | 21 | Retrieves all ticket notes created by customer for a specific ticket. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not Applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | GET https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId')/notes 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | Don't supply a request body for this method. 48 | 49 | ## Response 50 | 51 | If successful, this method returns a 200 OK response code and user details in the response body. 52 | 53 | ## Example 54 | 55 | ### Example request 56 | 57 | The following is an example of the HTTP request. 58 | 59 | ```http 60 | GET https://mmdls.microsoft.com/support/odata/v1/tickets('TicketId')/notes 61 | ``` 62 | 63 | ### Example response 64 | 65 | The following is an example of the JSON response. 66 | 67 | ```json 68 | { 69 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#Tickets('MMD-1465058-R5V8P')/notes", 70 |     "value": [ 71 |         { 72 |             "id": 0, 73 |             "type": "post", 74 |             "renderType": "html", 75 |             "createdDateTime": "2021-12-14T04:28:18Z", 76 |             "modifiedDateTime": "2021-12-14T04:28:18Z", 77 |             "text": "This is the test note to add", 78 |             "sender": "Sender Id" 79 |         } 80 |     ] 81 | } 82 | ``` 83 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-get-user.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Get user by userUpn 3 | description: Retrieves specific user by userUpn. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Get user by userUpn 18 | 19 | ## API description 20 | 21 | Retrieves specific user by userUpn. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | `MWaaSDevice.Read` | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | GET https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/users/{userUpn} 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | Accept | application/json | 44 | 45 | ## Request body 46 | 47 | Don't supply a request body for this method. 48 | 49 | ## Response 50 | 51 | If successful, this method returns a 200 OK response code and user details in the response body. 52 | 53 | ## Example 54 | 55 | ### Example request 56 | 57 | The following is an example of the HTTP request. 58 | 59 | ```http 60 | GET https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/devices/jdoe@contoso.onmicrosoft.com 61 | ``` 62 | 63 | ### Example response 64 | 65 | The following is an example of the JSON response. 66 | 67 | ```json 68 | { 69 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#Users", 70 |     "value": [ 71 |         { 72 |             "name": "John Doe", 73 |             "upn": "jdoe@contoso.onmicrosoft.com", 74 |             "email": "jdoe@contoso.onmicrosoft.com", 75 |             "groups": [ 76 |                 { 77 |                     "id": "00000000-0000-0000-0000-000000000000", 78 |                     "displayName": "Group display name", 79 |                     "description": "Group description", 80 |                     "countMembers": null 81 |                 } 82 |                 ... 83 |             ], 84 |             "devices": [ 85 |                 { 86 |                     "serialNumber": "Serial number value", 87 |                     "name": "Device Name value", 88 |                     "model": "Virtual Machine", 89 |                     "ring": "First", 90 |                     "lastIntuneSyncTime": "2021-03-16T11:10:04Z" 91 |                 } 92 |                 ... 93 |             ] 94 |         } 95 |     ] 96 | } 97 | ``` 98 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-list-profiles.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: List all device profiles 3 | description: List all device profiles in the tenant. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 12/06/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # List all device profiles 18 | 19 | ## API description 20 | 21 | Lists all the available profiles in the tenant. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | `MWaaSDevice.Read` | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | GET https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/profiles  36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | 44 | ## Response 45 | 46 | If successful, this method returns a 200 OK response code and a list of profiles in the response body. 47 | 48 | ```json 49 | 200 OK 50 | { 51 |     "@odata.context": "https://mmd-support-prod-nam.trafficmanager.net/odata/v1/$metadata#Profile", 52 |     "value": [ 53 |         { 54 |             "id": "SensitiveData", 55 |             "status": "Enabled" 56 |         }, 57 |         { 58 |             "id": "Standard", 59 |             "status": "Enabled" 60 |         }, 61 |         { 62 |             "id": "PowerUser", 63 |             "status": "Enabled" 64 |         } 65 |     ] 66 | } 67 | ``` 68 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Managed Desktop API 3 | description: Information about Microsoft Managed Desktop APIs 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Microsoft Managed Desktop API 18 | 19 | ## Overview 20 | 21 | The Microsoft Managed Desktop API enables data and capabilities through a set of programmatic APIs that will allow you to automate workflows using your preferred tools. 22 | 23 | The API enables you to view and manage devices, support tickets, and elevation requests details as you would through [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)). 24 | 25 | Using the API, you can: 26 | 27 | - Get a list of devices managed within your tenant and detailed information about each device. 28 | - Get a list of users with their managed devices. 29 | - Create and manage support tickets. 30 | - Create and manage elevation requests. 31 | 32 | ## Before you begin 33 | 34 | In general, you’ll need to take the following steps to use the APIs: 35 | 36 | 1. Create and register [a Microsoft Entra application](/graph/auth-register-app-v2). 37 | 1. Configure permissions for Microsoft Managed Desktop on your app. 38 | 1. Get administrator consent or user credential. 39 | 1. Get an access token. 40 | 1. Use the token to access Microsoft Managed Desktop API. 41 | 42 | For more information, see Get access to API with [application context](mmd-api-access-app-context.md) or [user context](mmd-api-access-user-context.md). 43 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-reassign-device-profile.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Reassign device profile 3 | description: Reassign a device's profile or devices' profiles in bulk. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 12/06/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Reassign device profile 18 | 19 | ## API description 20 | 21 | Reassign a device's profile or devices' profiles in bulk. 22 | 23 | ## Prerequisites 24 | 25 | One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. 26 | 27 | | Permission type | Permissions | 28 | | --- | --- | 29 | | Delegated | Not applicable | 30 | | Application | `MmdSupport.ReadWrite` | 31 | 32 | ## HTTP request 33 | 34 | ```http 35 | PATCH https://mmdls.microsoft.com/support/odata/v1/tenants/{tenantId}/profiles/reassignProfile?persona={persona} &wipe={wipe} 36 | ``` 37 | 38 | ## Request headers 39 | 40 | | Header | Value | 41 | | --- | --- | 42 | | Authorization | Bearer {token} **(Required)** | 43 | | ContentType | application/json | 44 | 45 | ## Request body 46 | 47 | ```json 48 | [ 49 |   "{aadDeviceId1}", 50 | "{aadDeviceId2}", 51 | "{aadDeviceId3}" 52 | ] 53 | ``` 54 | 55 | ## Example response 56 | 57 | The following is an example of a successful response. 58 | 59 | ```json 60 | 200 OK 61 | Successfully start reassigning devices to profile Kiosk 62 | ``` 63 | 64 | ### Failed responses 65 | 66 | #### Example 1: 400 Bad request: Kiosk not enabled for tenant 67 | 68 | ```json 69 | { 70 |     "errorCode": "400", 71 |     "message": "Kiosk not enabled for tenant {tenantId}, only SensitiveData,Standard,PowerUser are enabled", 72 |     "instanceAnnotations": [] 73 | } 74 | ``` 75 | 76 | The target profile not enabled for this tenant. Use available profiles in the response or use the [List Profiles](mmd-api-list-profiles.md) API to check the status of each profile. 77 | 78 | ### Example 2: 400 Bad request: Persona not supported 79 | 80 | ```json 81 | { 82 |     "errorCode": "400", 83 |     "message": "This persona is not supported.", 84 |     "instanceAnnotations": [] 85 | } 86 | ``` 87 | 88 | The target profile is incorrect or no profile available for this tenant. 89 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-tickets.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Tickets 3 | description: Information about Microsoft Managed Desktop ticket APIs 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Tickets 18 | 19 | ## Methods 20 | 21 | | Method | Return Type | Description | 22 | | --- | --- | --- | 23 | | Get ticket | CustomerTicket | Get details of support ticket. | 24 | | List tickets | CustomerTicket collection | List all support tickets. | 25 | | Create ticket | CustomerTicket | Creates a new support ticket. | 26 | 27 | ## Properties 28 | 29 | ### CustomerTicket 30 | 31 | | Property | Type | Description | 32 | | --- | --- | --- | 33 | | title | String | Name of the device. | 34 | | description | String | Detailed description of question or issue. | 35 | | isPartner | Boolean | Is a support partner ticket. | 36 | | type | TicketType | Ticket type. | 37 | | category | TicketCategory | Ticket category. | 38 | | subcategory | String | Ticket subcategory. | 39 | | usersOrDevicesImpacted | Int32 | Number of users/devices impacted. | 40 | | businessImpact | String | Describe business impact | 41 | | issueFirstNoticed | DateTimeOffset | Time when issue was first noticed. | 42 | | issueReproduced | Boolean | Issue is reproduced on non-Microsoft Managed device. | 43 | | endUserSupportEngaged | Boolean | End user support was engaged. | 44 | | troubleshootingSteps | String | Description of the performed remediation steps. | 45 | | reproSteps | String | Steps to reproduce issue. | 46 | | ID | String | Ticket ID. | 47 | | severity | Severity Level | Ticket severity. | 48 | | state | Ticket State | Ticket State. | 49 | | createdDateTime | DateTimeOffset | Time of ticket creation. | 50 | | resolvedDateTime | DateTimeOffset | Time of ticket resolution. | 51 | | contact | CaseContact | Case contact object. | 52 | | emails | email collection | List of emails. | 53 | | attachments | attachment collection | List of attachments. | 54 | | notes | notes collection | List of notes. | 55 | 56 | ### CaseContact 57 | 58 | | Property | Type | Description | 59 | | --- | --- | --- | 60 | | ID | Guid | Unique identifier. | 61 | | givenName | String | First name. | 62 | | surname | String | Last name. | 63 | | email | String | Email address. | 64 | | phoneNumber | String | Phone number. | 65 | -------------------------------------------------------------------------------- /managed-desktop/developer/mmd-api-users.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Users 3 | description: Retrieves users assigned to Microsoft Managed Desktop devices. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 04/26/2022 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier3 15 | --- 16 | 17 | # Users 18 | 19 | Users assigned to Microsoft Managed Desktop devices. 20 | 21 | ## Methods 22 | 23 | | Method | Return Type | Description | 24 | | --- | --- | --- | 25 | | Get user | Device | Get a single user object | 26 | | List users | Device collection | List user and associated collections | 27 | 28 | ## Properties 29 | 30 | | Property | Type | Description | 31 | | --- | --- | --- | 32 | | name | String | Full name of the user. | 33 | | upn | String | Username. | 34 | | email | String | Email address. | 35 | | devices | devices collection | List of devices assigned to the user. | 36 | | groups | configurations collection | List of groups the user is assigned to.| 37 | -------------------------------------------------------------------------------- /managed-desktop/docfx.json: -------------------------------------------------------------------------------- 1 | { 2 | "build": { 3 | "content": [ 4 | { 5 | "files": [ 6 | "**/*.md", 7 | "**/*.yml" 8 | ], 9 | "exclude": [ 10 | "**/obj/**", 11 | "**/includes/**", 12 | "_themes/**", 13 | "_themes.pdf/**", 14 | "**/docfx.json", 15 | "_repo.en-us/**", 16 | "README.md", 17 | "LICENSE", 18 | "LICENSE-CODE", 19 | "ThirdPartyNotices.md" 20 | ] 21 | } 22 | ], 23 | "resource": [ 24 | { 25 | "files": [ 26 | "**/*.png", 27 | "**/*.jpg" 28 | ], 29 | "exclude": [ 30 | "**/obj/**", 31 | "**/includes/**", 32 | "_themes/**", 33 | "_themes.pdf/**", 34 | "**/docfx.json", 35 | "_repo.en-us/**" 36 | ] 37 | } 38 | ], 39 | "overwrite": [], 40 | "externalReference": [], 41 | "globalMetadata": { 42 | "breadcrumb_path": "/managed-desktop/breadcrumb/toc.json", 43 | "extendBreadcrumb": true, 44 | "feedback_system": "None", 45 | "uhfHeaderId": "MSDocsHeader-M365-IT", 46 | "is_archived": true, 47 | "is_retired": true, 48 | "contributors_to_exclude": [ 49 | "rjagiewich", 50 | "claydetels19", 51 | "jborsecnik", 52 | "shdyas", 53 | "garycentric", 54 | "dstrome", 55 | "beccarobins", 56 | "Stacyrch140", 57 | "American-Dipper", 58 | "padmagit77", 59 | "aditisrivastava07", 60 | "Ruchika-mittal01" 61 | ] 62 | }, 63 | "fileMetadata": {}, 64 | "template": [], 65 | "dest": "Managed-Desktop" 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /managed-desktop/index.yml: -------------------------------------------------------------------------------- 1 | ### YamlMime:Landing 2 | 3 | title: Microsoft Managed Desktop documentation # < 60 chars 4 | summary: Microsoft Managed Desktop transitioned to end-of-service (EOS) on July 31, 2024. # < 200 chars 5 | 6 | metadata: 7 | title: Microsoft Managed Desktop documentation # Required; page title displayed in search results. Include the brand. < 60 chars. 8 | description: Microsoft Managed Desktop brings together Microsoft 365 Enterprise, cloud-based device management by Microsoft, and security monitoring, enabling you to free up your IT teams to focus on core business needs. # Required; article description that is displayed in search results. < 160 chars. 9 | keywords: device, app, management 10 | ms.service: m365-md #Required; service per approved list. service slug assigned to your service by ACOM. 11 | ms.topic: landing-page # Required 12 | author: tiaraquan #Required; your GitHub user alias, with correct capitalization. 13 | ms.author: tiaraquan #Required; microsoft alias of author; optional team alias. 14 | ms.date: 12/04/2020 #Required; mm/dd/yyyy format. 15 | ms.custom: intro-hub-or-landing 16 | ms.collection: essentials-navigation 17 | 18 | # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new 19 | 20 | landingContent: 21 | # Cards and links should be based on top customer tasks or top subjects 22 | # Start card title with a verb 23 | # Card (optional) 24 | - title: About Microsoft Managed Desktop 25 | linkLists: 26 | - linkListType: overview 27 | links: 28 | - text: What is Microsoft Managed Desktop? 29 | url: ./overview/service-plan.md 30 | - text: Service description 31 | url: ./overview/service-plan-description.md 32 | - linkListType: get-started 33 | links: 34 | - text: Prerequisites 35 | url: ./prepare/prerequisites.md 36 | - text: Deploy apps 37 | url: ./deploy/deploy-apps.md 38 | - text: Reports 39 | url: ./operate/reports.md 40 | 41 | # Card (optional) 42 | - title: Articles and blog posts 43 | linkLists: 44 | - linkListType: learn 45 | links: 46 | - text: "[Blog] Workplace devices are the new \"free snacks\"" 47 | url: https://techcommunity.microsoft.com/t5/microsoft-managed-desktop/workplace-devices-are-the-new-free-snacks/ba-p/1675936 48 | - text: "[Whitepaper] Study: Microsoft Managed Desktop saves time and costs" 49 | url: https://techcommunity.microsoft.com/t5/microsoft-managed-desktop/study-microsoft-managed-desktop-saves-time-and-costs/ba-p/1403408 50 | - text: "[Whitepaper] Microsoft Managed Desktop Can Help Boost Engagement" 51 | url: https://techcommunity.microsoft.com/t5/microsoft-managed-desktop/microsoft-managed-desktop-can-help-boost-engagement/ba-p/1031932 52 | - text: "[Whitepaper] SA Power Networks deploys Microsoft Managed Desktop to satisfy evolving user needs" 53 | url: https://customers.microsoft.com/story/832888-sa-power-networks-case-study-energy-microsoft-managed-desktop 54 | 55 | # Card (optional) 56 | - title: Benefits and highlights 57 | linkLists: 58 | - linkListType: video 59 | links: 60 | - text: Microsoft Managed Desktop - IT Admin experience 61 | url: https://www.youtube.com/watch?v=UQ8VRSysUXw&feature=youtu.be 62 | - text: What enterprises love about Microsoft Managed Desktop 63 | url: https://learn-video.azurefd.net/vod/player?id=cc708bf9-a324-4716-8470-ca9352461926 64 | - text: Microsoft Managed Desktop - Fantastic device experiences 65 | url: https://learn-video.azurefd.net/vod/player?id=32fefc43-8399-4a27-a5ec-df399b643fd9 66 | - text: Microsoft Managed Desktop - Security operations 67 | url: https://learn-video.azurefd.net/vod/player?id=cb29d882-c4c3-429b-9433-11b8bbb9ea77 68 | - text: Microsoft Managed Desktop - Change and release process 69 | url: https://learn-video.azurefd.net/vod/player?id=cb29d882-c4c3-429b-9433-11b8bbb9ea77 70 | - text: The Shiproom / IGM / Episode 29 - Prioritizing user experience with security 71 | url: https://www.youtube.com/watch?v=im11J9C1MTA&feature=youtu.be 72 | - text: The Shiproom / Lloyds Banking Group / Episode 25 - Leadership amid rapid transformation 73 | url: https://www.youtube.com/watch?v=B9Gqj66qxNo&feature=youtu.be 74 | -------------------------------------------------------------------------------- /managed-desktop/media/MMD-location-services-UI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/MMD-location-services-UI.png -------------------------------------------------------------------------------- /managed-desktop/media/api/request-api-perms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/api/request-api-perms.png -------------------------------------------------------------------------------- /managed-desktop/media/api/request-api-perms2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/api/request-api-perms2.png -------------------------------------------------------------------------------- /managed-desktop/media/api/request-api-perms3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/api/request-api-perms3.png -------------------------------------------------------------------------------- /managed-desktop/media/api/request-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/api/request-details.png -------------------------------------------------------------------------------- /managed-desktop/media/areaoffocus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/areaoffocus.png -------------------------------------------------------------------------------- /managed-desktop/media/device-registration/auto-registration-high-level-workflow-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/device-registration/auto-registration-high-level-workflow-diagram.png -------------------------------------------------------------------------------- /managed-desktop/media/device-registration/device-registration-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/device-registration/device-registration-overview.png -------------------------------------------------------------------------------- /managed-desktop/media/device-registration/manual-registration-high-level-workflow-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/device-registration/manual-registration-high-level-workflow-diagram.png -------------------------------------------------------------------------------- /managed-desktop/media/mmd-autopilot-co-management.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/mmd-autopilot-co-management.png -------------------------------------------------------------------------------- /managed-desktop/media/mmd-autopilot-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/mmd-autopilot-screenshot.png -------------------------------------------------------------------------------- /managed-desktop/media/mmd-devices-view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/mmd-devices-view.png -------------------------------------------------------------------------------- /managed-desktop/media/mmd-profile-options-heirarchy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/mmd-profile-options-heirarchy.png -------------------------------------------------------------------------------- /managed-desktop/media/mmd-support-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/mmd-support-flow.png -------------------------------------------------------------------------------- /managed-desktop/media/onedrive/onedrive-folders.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/onedrive/onedrive-folders.png -------------------------------------------------------------------------------- /managed-desktop/media/onedrive/onedrive-sync.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/onedrive/onedrive-sync.png -------------------------------------------------------------------------------- /managed-desktop/media/onedrive/onedrive-teams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/onedrive/onedrive-teams.png -------------------------------------------------------------------------------- /managed-desktop/media/reports/all-devices-historical-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/reports/all-devices-historical-report.png -------------------------------------------------------------------------------- /managed-desktop/media/reports/all-devices-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/reports/all-devices-report.png -------------------------------------------------------------------------------- /managed-desktop/media/reports/eligible-devices-historical-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/reports/eligible-devices-historical-report.png -------------------------------------------------------------------------------- /managed-desktop/media/reports/ineligible-devices-historical-report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/reports/ineligible-devices-historical-report.png -------------------------------------------------------------------------------- /managed-desktop/media/reports/summary-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/media/reports/summary-dashboard.png -------------------------------------------------------------------------------- /managed-desktop/operate/affected-devices-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Affected devices report 3 | description: Provides details about the affected devices that affected by operating system stop errors. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 03/24/2023 16 | --- 17 | 18 | # Affected devices report 19 | 20 | This report provides details about the devices that are affected by operating system stop errors. 21 | 22 | ## Report information 23 | 24 | | Column name | Description | 25 | | ----- | ----- | 26 | | Device name | Name of the device affected by one of more operating system stop errors over the specified observation window. | 27 | | Crash count | Number of operating system stop errors affecting the device over the specified observation window. | 28 | | OS version | Version of the operating system running on the device. | 29 | | Device model | Make and model of the specific device. | 30 | 31 | ## Report options 32 | 33 | | Option | Description | 34 | | ----- | ----- | 35 | | Refresh | Select **Refresh** to ensure that the Summary dashboard view is updated to the latest available dataset within the last 24-hour period. The option to refresh the Summary dashboard is available at the top of the page. | 36 | | Time period | Select one of the following time periods:

          • Last day
          • Last 14 days
          • Last 28 days
          Then, select **Apply**. | 37 | | Export | Select **Export** at the top of the page to export data from this report into a CSV file. | 38 | -------------------------------------------------------------------------------- /managed-desktop/operate/all-devices-historical-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: All devices report—historical 3 | description: Provides a visual representation of the update status trend for all devices over the last 90 days. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: adnich 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # All devices report—historical 19 | 20 | The historical All devices report provides a visual representation of the update status trend for all devices over the last 90 days. 21 | 22 | **To view the historical All devices report:** 23 | 24 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 25 | 1. Navigate to **Reports** > **Microsoft Managed Desktop** > **Windows Quality Updates**. 26 | 1. Select the **Reports** tab. 27 | 1. Select **All devices report—historical**. 28 | 29 | :::image type="content" source="../media/reports/all-devices-historical-report.png" alt-text="All devices—historical report" lightbox="../media/reports/all-devices-historical-report.png"::: 30 | 31 | > [!NOTE] 32 | > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page. 33 | 34 | ## Report options 35 | 36 | The following options are available: 37 | 38 | | Option | Description | 39 | | ----- | ----- | 40 | | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. | 41 | | Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. | 42 | 43 | For a description of the displayed device status trends, see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). 44 | -------------------------------------------------------------------------------- /managed-desktop/operate/all-devices-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: All devices report 3 | description: Provides a summary view of the current update status for all devices enrolled into Microsoft Managed Desktop. Used to be called Device status report 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: adnich 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # All devices report 19 | 20 | The All devices report provides a per device view of the current update status for all Microsoft Managed Desktop enrolled devices. 21 | 22 | **To view the All devices report:** 23 | 24 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 25 | 1. Navigate to **Reports** > **Microsoft Managed Desktop** > **Windows Quality Updates**. 26 | 1. Select the **Reports** tab. 27 | 1. Select **All devices report**. 28 | 29 | :::image type="content" source="../media/reports/all-devices-report.png" alt-text="All devices report" lightbox="../media/reports/all-devices-report.png"::: 30 | 31 | > [!NOTE] 32 | > The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page. 33 | 34 | ## Report information 35 | 36 | The following information is available in the All devices report: 37 | 38 | | Column name | Description | 39 | | ----- | ----- | 40 | | Device name | The name of the device. | 41 | | Microsoft Entra device ID | The current Microsoft Entra ID recorded device ID for the device. | 42 | | Serial number | The current Intune recorded serial number for the device. | 43 | | Deployment ring | The currently assigned Microsoft Managed Desktop deployment ring for the device. | 44 | | Update status | The current update status for the device (see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). | 45 | | Update sub status | The current update sub status for the device (see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). | 46 | | OS version | The current version of Windows installed on the device. | 47 | | OS revision | The current revision of Windows installed on the device. | 48 | | Intune last check in time | The last time the device checked in to Intune. | 49 | 50 | ## Report options 51 | 52 | The following options are available: 53 | 54 | | Option | Description | 55 | | ----- | ----- | 56 | | Search | Use to search by device name, Microsoft Entra device ID or serial number | 57 | | Sort | Select the **column headings** to sort the report data in ascending and descending order. | 58 | | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. | 59 | | Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate report**. | 60 | -------------------------------------------------------------------------------- /managed-desktop/operate/app-usage-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: App usage report 3 | description: How to use the app usage report 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # App usage report 18 | 19 | This report helps you understand how applications are being used across your Microsoft Managed Desktop devices. It can also act as a reference to help you assess any effect on your users when application issues are discovered. 20 | 21 | **To view the App usage report:** 22 | 23 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 24 | 1. Select **Reports**. 25 | 1. Navigate to **Microsoft Managed Desktop** > **Managed devices**. Then, select the **Reports** tab. 26 | 1. Select **Application usage**. 27 | 28 | ## Report information 29 | 30 | | Column name | Description | 31 | | ------ | ------ | 32 | | Application name | Applications with any amount of reported usage will appear in this list. | 33 | | Foreground usage | Time spent interacting with the foreground application shown in hours. | 34 | | Average weekday usage | Average usage per device excluding weekends. 35 | | Device count | The number of reporting devices contributing to usage per application. 36 | | % of reporting devices | The percentage of total reporting devices that have used this application. 37 | 38 | > [!IMPORTANT] 39 | > For devices to report data, they must be set to the Optional diagnostic data level. Learn more about [how Microsoft Managed Desktop uses Windows diagnostic data](../overview/privacy-personal-data.md). 40 | -------------------------------------------------------------------------------- /managed-desktop/operate/change-device-profile.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Reassign device profiles 3 | description: How to change a device profile for a device 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | manager: aaroncz 15 | ms.topic: retired 16 | audience: Admin 17 | ms.date: 11/18/2022 18 | --- 19 | 20 | # Change the device profile 21 | 22 | You can change the [Device profiles](../operate/device-profiles.md) assigned to a device using the admin center. 23 | 24 | The selected device profile will be applied to all devices you select in the first step. 25 | 26 | **To change the device profile:** 27 | 28 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane. 29 | 1. In the **Microsoft Managed Desktop** section, select **Devices**. 30 | 1. Select the checkboxes for the devices you want to modify. 31 | 1. Select **Change device profile**. A fly-in opens. 32 | 1. Use the dropdown menu to select the new device profile. 33 | 1. Check that the **Reset device** slider is set the way you want. 34 | 1. Select **Change profile**. 35 | 36 | To move separate devices to different profiles, you'll need to repeat this process for each device profile. 37 | -------------------------------------------------------------------------------- /managed-desktop/operate/config-setting-deploy.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Deploy configurable settings in Microsoft Managed Desktop 3 | description: Deploy and track configurable settings changes in Microsoft Managed Desktop. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation, deploy, staged deployment, configurable settings 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Deploy and track configurable settings - Microsoft Managed Desktop 18 | 19 | After you make changes to your setting categories and stage a deployment, the Deployment status page allows you to begin deploying your settings to groups. This page shows a summary of each configurable setting. When opening a setting category, you can deploy settings to groups and track the progress of these deployments. 20 | 21 | ## Deployment statuses 22 | 23 | The following are the statuses you'll see for each deployment. 24 | 25 | | Status | Explanation | 26 | | ----- | ----- | 27 | | Deploy | Your change is waiting to be deployed to this group. | 28 | | In progress | The change is being applied to active devices in this group. | 29 | | Complete | The change completed on all active devices in this group. | 30 | | Failed | The change failed on 10 percent of active devices in the group. The deployment was stopped.

          A support request will be automatically opened with Microsoft Managed Desktop operations to fix the deployment.| 31 | | Reverted | The change was reverted to the last change that was successfully deployed to all deployment groups. | 32 | 33 | ## Deploy changes 34 | 35 | As an example, we'll use a desktop background picture in these instructions. After you've staged a deployment, you deploy changes from the Deployment status page. 36 | 37 | **To deploy changes:** 38 | 39 | 1. Go to the **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** and navigate to the **Devices** menu. 40 | 2. In the Microsoft Managed Desktop section, select **Settings**. 41 | 3. In the **Deployment status** workspace, select the setting you want to deploy. Then, select the staged deployment to deploy. 42 | 4. Select **Deploy** to deploy the change to one of the deployment groups. 43 | 44 | > [!NOTE] 45 | > The orange caution icon indicates there is a previous group available for deployment as it's recommended to roll out in order. 46 | 47 | 48 | 49 | We recommend deploying to deployment groups in this order: Test, First, Fast, and then Broad. 50 | 51 | When changes complete in each group, the status changes to **Complete**. 52 | 53 | 54 | 55 | ## Revert deployment 56 | 57 | After you've deployed a change, you can revert from **Deployment status**. When you revert a change that is **In progress** or **Complete**, the current deployment stops. The setting will revert to the last version that was deployed to all groups. 58 | 59 | As an example, we'll revert the desktop background picture. 60 | 61 | **To revert a change:** 62 | 63 | 1. Go to the **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** and navigate to the **Devices** menu. 64 | 2. In the Microsoft Managed Desktop section, select **Settings**. 65 | 3. In the **Deployment status** workspace, select the setting you want to revert. Then, select the staged deployment to revert. 66 | 4. Under **Need to revert this change?**, select **Revert deployment**. 67 | 68 | 69 | 70 | ## Additional resources 71 | 72 | - [Configurable settings overview](../operate/config-setting-overview.md) 73 | - [Configurable settings reference](../operate/config-setting-ref.md) 74 | -------------------------------------------------------------------------------- /managed-desktop/operate/device-crash-drilldown-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device crash drilldown report 3 | description: Provides details to better understand the impact of the operating system stop error on the device. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 03/24/2023 16 | --- 17 | 18 | # Device crash drilldown report 19 | 20 | In this report, select a specific device to drill down further into the details to better understand the impact of the operating system stop error on the device. 21 | 22 | ## Report information 23 | 24 | | Column name | Description | 25 | | ----- | ----- | 26 | | What failed | List of failure modules that caused the operating system stop error on the selected device over the specified observation window. | 27 | | Failure module version | Version of the failure module that caused the operating system stop error on the selected device over the specified observation window. | 28 | | Time | Timestamp when the operating system stop error was observed. | 29 | -------------------------------------------------------------------------------- /managed-desktop/operate/device-inventory-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device inventory report 3 | description: This article describes the Device inventory report 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Device inventory report 18 | 19 | In the **Devices** view, you can select the **Export all** tab to download a comma-delimited file including the Serial Number, Device Name, Device Last check-in, Managed By, Manufacturer, Model, OS, OS License, OS Version, Ownership, Enrollment Date, Ring Name, Storage - Free in GB, Storage - Total in GB, Enrolled by User UPN, Assigned User, Status, Age (Months), Profile, Logged in Users, TPM version, Secure Boot Enabled, Primary Disk Type, and Total Physical Memory. 20 | 21 | ![Devices view showing list of devices and related details. Check boxes near the top select filters for activity, registration status. Above that is a search box. Tabs at the top for registering new devices, refreshing the view, exporting errors, and exporting the data.](../media/mmd-devices-view.png) 22 | -------------------------------------------------------------------------------- /managed-desktop/operate/device-reliability-historical-trends-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device reliability historical trends report 3 | description: Provides aggregated device reliability (stop errors) information over the past 28 days for Microsoft Managed Desktop managed devices in the tenant. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 03/24/2023 16 | --- 17 | 18 | # Device reliability historical trends report 19 | 20 | This report provides aggregated device reliability (stop errors) information, over the past 28 days, for Microsoft Managed Desktop managed devices in the tenant. 21 | 22 | > [!NOTE] 23 | > The data in this report refreshes every 24 hours. 24 | 25 | ## Report information 26 | 27 | | Column name | Description | 28 | | ----- | ----- | 29 | | Trend chart | The historical trend shows the daily percentage of stop error-free devices over last 28 days (observation window). | 30 | | Crash-free | The daily average percentage of devices that are stop error-free over the last 28 days (observation window). | 31 | | Average crashed devices | The daily average number of devices experiencing a stop error over the last 28 days (observation window). | 32 | | Average number of crashes | The daily average number of stop errors over the last 28 days (observation window). | 33 | 34 | ## Report options 35 | 36 | | Option | Description | 37 | | ----- | ----- | 38 | | Refresh | Select **Refresh** to ensure that the Summary dashboard view is updated to the latest available dataset within the last 24-hour period. The option to refresh the Summary dashboard is available at the top of the page. | 39 | | Export | Select **Export** at the top of the page to export data from this report into a CSV file. | 40 | -------------------------------------------------------------------------------- /managed-desktop/operate/device-reliability-reports-overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device reliability reports overview 3 | description: Provides the necessary insights for IT admins to better understand the impact of operating system stop errors on managed devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 04/05/2023 16 | --- 17 | 18 | # Device reliability reports overview (public preview) 19 | 20 | > [!IMPORTANT] 21 | > This feature is in **public preview**. This feature is being actively developed, and may not be complete. You can test and use these features in production environments and provide feedback. 22 | 23 | The Device reliability reports provide the necessary insights for IT admins to better understand the impact of operating system stop errors on Microsoft Managed Desktop managed devices. For more information about how Microsoft Managed Desktop monitors stop errors, see [Proactive monitoring](../operate/proactive-monitoring.md#stop-errors). 24 | 25 | ## View the Device reliability reports 26 | 27 | **To view the Device reliability reports:** 28 | 29 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 30 | 2. Select **Reports**. 31 | 3. Navigate to **Microsoft Managed Desktop** > **Device health**. 32 | -------------------------------------------------------------------------------- /managed-desktop/operate/eligible-devices-historical-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Eligible devices report—historical 3 | description: Provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days. (Used to be called Security-updates-report) 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: adnich 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Eligible devices report—historical 19 | 20 | The historical Eligible devices report provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days. 21 | 22 | **To view the historical Eligible devices report:** 23 | 24 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 25 | 1. Navigate to **Reports** > **Microsoft Managed Desktop** > **Windows Quality Updates**. 26 | 1. Select the **Reports** tab. 27 | 1. Select **Eligible devices report—historical**. 28 | 29 | :::image type="content" source="../media/reports/eligible-devices-historical-report.png" alt-text="Eligible devices—historical report" lightbox="../media/reports/eligible-devices-historical-report.png"::: 30 | 31 | > [!NOTE] 32 | > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page. 33 | 34 | ## Report options 35 | 36 | The following options are available: 37 | 38 | | Option | Description | 39 | | ----- | ----- | 40 | | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. | 41 | | Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. | 42 | 43 | For a description of the displayed device status trends, see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). 44 | -------------------------------------------------------------------------------- /managed-desktop/operate/failure-module-drilldown-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Failure module drilldown report 3 | description: Provides details to better understand the impact of the failure module. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 03/24/2023 16 | --- 17 | 18 | # Failure module drilldown report 19 | 20 | In this report, select a specific failure module to drill down further into the details to better understand the impact of the failure module. 21 | 22 | ## Report information 23 | 24 | | Column name | Description | 25 | | ----- | ----- | 26 | | Trend chart | Highlights the daily percentage of devices that didn't experience an operating system stop error because of the selected failure module over the specified observation window. | 27 | | Crash free | The daily average percentage of devices that didn't experience an operating system stop error because of the selected failure module over the specified observation window. | 28 | | Average crashed devices | The daily average number of devices experiencing an operating system stop error because of the selected failure module over the specified observation window. | 29 | | Average crashes | The daily average number of operating system stop errors because of the selected failure module over the specified observation window. | 30 | | Data table | The table provides the following information:
          • **Device name**: impacted by the selected failure module over the specified observation window.
          • **Crash count**: number of operating system stop errors on the device because of the selected failure module over the specified observation window.
          • **OS version**: version of the operating system running on the device.
          | 31 | 32 | ## Report options 33 | 34 | | Option | Description | 35 | | ----- | ----- | 36 | | Add filter | Select one or more device model filters. Then, select **Apply**. | 37 | -------------------------------------------------------------------------------- /managed-desktop/operate/ineligible-devices-historical-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Ineligible devices report—historical 3 | description: Provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: adnich 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Ineligible devices report—historical 19 | 20 | The historical Ineligible devices report provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days. 21 | 22 | > [!NOTE] 23 | > Devices must have at least six hours of usage, with at least two hours being continuous. You may see an increase in the number of ineligible devices when the widget refreshes every second Tuesday of each month. 24 | 25 | **To view the historical Ineligible devices report:** 26 | 27 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 28 | 1. Navigate to **Reports** > **Microsoft Managed Desktop** > **Windows Quality Updates**. 29 | 1. Select the **Reports** tab. 30 | 1. Select **Ineligible devices report—historical**. 31 | 32 | :::image type="content" source="../media/reports/ineligible-devices-historical-report.png" alt-text="Ineligible devices—historical report" lightbox="../media/reports/ineligible-devices-historical-report.png"::: 33 | 34 | > [!NOTE] 35 | > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page. 36 | 37 | ## Report options 38 | 39 | The following options are available: 40 | 41 | | Option | Description | 42 | | ----- | ----- | 43 | | Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. | 44 | | Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. | 45 | 46 | For a description of the displayed device status trends, see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). 47 | -------------------------------------------------------------------------------- /managed-desktop/operate/maintain-environment.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Maintain the Microsoft Managed Desktop environment 3 | description: This article details how to maintain the Microsoft Managed Desktop environment 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.date: 03/31/2023 14 | ms.collection: 15 | - M365-modern-desktop 16 | - tier1 17 | --- 18 | 19 | # Maintain the Microsoft Managed Desktop environment 20 | 21 | ## Microsoft Managed Desktop tenant actions 22 | 23 | The Tenant management blade is used to alert IT admins of any actions that are required to maintain overall service health. 24 | 25 | The Tenant management blade can be found by navigating to **Tenant administration** > **Microsoft Managed Desktop** > **Tenant management**. 26 | 27 | > [!IMPORTANT] 28 | > Microsoft Managed Desktop will now manage your tenant with our [enterprise applications](../overview/privacy-personal-data.md#tenant-access). If your tenant is still using the [Microsoft Managed Desktop service accounts](../prepare/readiness-assessment-fix.md#microsoft-managed-desktop-service-accounts), your Global admin must go to the Tenant management blade to approve the configuration change. 29 | 30 | The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed. 31 | 32 | ### Tenant action severity types 33 | 34 | | Severity | Description | 35 | | ----- | ----- | 36 | | Critical | You must take action, as soon as possible. If no action is taken, the Microsoft Managed Desktop service may be affected. | 37 | 38 | ### Critical actions in Microsoft Managed Desktop 39 | 40 | | Action type | Severity | Description | 41 | | ----- | ----- | ----- | 42 | | Maintain tenant access | Critical | Address tenant access issues. Reasons for tenant access issues:
          • You haven't yet migrated to the new Microsoft Managed Desktop enterprise application. Microsoft Managed Desktop uses this enterprise application to run the service.
          • You've migrated to the new enterprise application but still need to clean up the old service accounts created by the service.

          Take action by consenting to allow Microsoft Managed Desktop to make the appropriate changes on your behalf. You must be a Global Administrator to approve this action. Once you provide consent, Microsoft Managed Desktop will take action and remediate this critical action for you. For more information, see [Microsoft Managed Desktop privacy](../overview/privacy-personal-data.md).

          | 43 | 44 | If you need more assistance, please [submit a support request](../operate/support-request.md). 45 | -------------------------------------------------------------------------------- /managed-desktop/operate/manage-apps.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Manage apps in Microsoft Managed Desktop 3 | description: Info about how to update line-of-business apps that are deployed to Microsoft Managed Desktop devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.date: 01/18/2019 14 | ms.collection: 15 | - M365-modern-desktop 16 | - tier1 17 | --- 18 | 19 | # Manage line-of-business apps in Microsoft Managed Desktop 20 | 21 | 22 | 23 | You can make app updates in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 24 | 25 | 26 | 27 | ## Update line-of-business apps in Microsoft Managed Desktop 28 | 29 | **To update your line-of-business apps in Microsoft Intune admin center:** 30 | 31 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 32 | 1. Under **Inventory**, select **Apps**. 33 | 1. Select the app you want to updates, and then select **Edit**. 34 | 1. Under **Manage**, select **Properties**. 35 | 1. Select **App package file**, and then browse to upload a new app package file. 36 | 1. Select **App package file**. 37 | 1. Select the folder icon and browse to the location of your updated app file. Select **Open**. The app information is updated with the package information. 38 | 1. Verify that **App version** reflects the updated app package. 39 | 40 | The updated app will be deployed to your user's devices. 41 | 42 | 43 | 44 | ## Update line-of-business apps in Intune 45 | 46 | **To update your line-of-business apps in Intune:** 47 | 48 | 1. Go to the [Azure portal](https://portal.azure.com). 49 | 2. Select **All Services** > **Intune**. Intune is in the **Monitoring + Management** section. 50 | 3. Select **Client Apps > Apps**. 51 | 4. Find and select your app in the list of apps. 52 | 5. In the **Overview** section, select **Properties**. 53 | 6. Select **App package file**. 54 | 7. Select the folder icon and browse to the location of your updated app file. Select **Open**. The app information is updated with the package information. 55 | 8. Verify that **App version** reflects the updated app package. 56 | 57 | 58 | 59 | ## Roll back an app to a previous version 60 | 61 | When a new version of an app is deployed, and an error is found, you can roll back to a previous version. The process outlined below is for apps where the type is listed as **Windows MSI line-of-business app** or **Windows app (Win 32) - preview** 62 | 63 | **To roll back a line-of-business app to a previous version:** 64 | 65 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 66 | 2. Under **Inventory**, select **Apps**. 67 | 3. Select the app you need to roll back, and then select **Edit**. 68 | 4. Under **Manage**, select **Properties**. 69 | - For **Windows MSI line-of-business app** apps, select **App information**, and then under **Ignore app version**, select **Yes**. 70 | - For **Windows app (Win 32) - preview** apps, select **App information**, select **Detection rules**, and then select **Add**. 71 | If there's an MSI rule, verify that **MSI product version check** is set to **No**. 72 | 5. [Upload a previous version of the app source file](../deploy/deploy-apps.md) to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 73 | -------------------------------------------------------------------------------- /managed-desktop/operate/media/release-process-timeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/operate/media/release-process-timeline.png -------------------------------------------------------------------------------- /managed-desktop/operate/media/update-communications.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/operate/media/update-communications.png -------------------------------------------------------------------------------- /managed-desktop/operate/media/windows-quality-force-update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/operate/media/windows-quality-force-update.png -------------------------------------------------------------------------------- /managed-desktop/operate/media/windows-quality-typical-update-experience.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/operate/media/windows-quality-typical-update-experience.png -------------------------------------------------------------------------------- /managed-desktop/operate/media/windows-quality-update-grace-period.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Managed-Desktop/a05b857e5ef2d3b5057b64d6931f51d0696bf44d/managed-desktop/operate/media/windows-quality-update-grace-period.png -------------------------------------------------------------------------------- /managed-desktop/operate/onedrive.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft OneDrive 3 | description: How Microsoft Managed Desktop sets up OneDrive for enrolled devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation, apps, line-of-business apps, LOB apps 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Microsoft OneDrive 18 | 19 | Microsoft Managed Desktop uses [OneDrive for Business](/onedrive/plan-onedrive-enterprise) as a cloud storage service for all Microsoft Managed Desktop devices. It ensures that the devices are as stateless as possible. Users will be able to find their files no matter which device they sign into. For example, if you replace a Microsoft Managed Desktop device with a new one, the files will automatically sync to the new device. 20 | 21 | We automatically configure these settings by default on Microsoft Managed Devices: 22 | 23 | | Feature | Description | 24 | | ------ | ------ | 25 | | Silent configuration | OneDrive is silently configured with the user account. It automatically signs in, without user interaction, to the user account that was used to sign into Windows. For more information, see [Silently configure user accounts - OneDrive](/onedrive/use-silent-account-configuration) | 26 | | Files-On-Demand | The Files-On-Demand feature enables users to access files from their cloud storage in OneDrive without having to use disk space unnecessarily. For more information, see [Save disk space with OneDrive Files On-Demand for Windows 10](https://support.microsoft.com/office/save-disk-space-with-onedrive-files-on-demand-for-windows-10-0e6860d3-d9f3-4971-b321-7092438fb38e). | 27 | | Known Folder Move | The Known Folder Move feature is enabled silently to back up users’ data in the cloud, which gives them access to their files from any device. For more information, see [Back up your Documents, Pictures, and Desktop folders with OneDrive](https://support.microsoft.com/office/back-up-your-documents-pictures-and-desktop-folders-with-onedrive-d61a7930-a6fb-4b95-b28a-6552e77c3057).

          Users can't disable the Known Folder Move feature or change the location of known folders to ensure a consistent experience across Microsoft Managed Desktop devices.

          | 28 | 29 | ## User experience 30 | 31 | When Microsoft Managed Desktop users receive a new device, they go through a first-run experience, by entering their Azure credentials, while setting up the device. After this process is completed, they can access their desktop and have the OneDrive experience. 32 | 33 | 1. The system tells users that OneDrive has been configured and that they've been automatically signed into OneDrive. 34 | 35 | :::image type="content" source="../media/onedrive/onedrive-sync.png" alt-text="Notification reading you're now syncing OneDrive and you can edit files in OneDrive. click here to view your files."::: 36 | 37 | 2. The system tells users that OneDrive Known Folder Move has been configured for them. 38 | 39 | :::image type="content" source="../media/onedrive/onedrive-folders.png" alt-text="Notification reading Your IT department backed up your important folders. The folders are now backed up to OneDrive and available from other devices."::: 40 | 41 | 3. To prevent duplicate icons on the desktop when devices are reset or reimaged, the system automatically removes Microsoft Edge and Microsoft Teams icons from the OneDrive sync. This information is shown in File Explorer. 42 | 43 | :::image type="content" source="../media/onedrive/onedrive-teams.png" alt-text="File Explorer showing Teams and Edge listings with cleared check boxes and hover text reading Excluded from sync."::: 44 | 45 | ## OneDrive sync restrictions 46 | 47 | If you need to restrict the OneDrive sync, we recommend that you control access with a Microsoft Entra Conditional Access policy. For more information, see 48 | [Enable conditional access support in the OneDrive sync app](/onedrive/enable-conditional-access). 49 | 50 | If you can't use a Microsoft Entra Conditional Access policy in your organization, your IT Admin should follow these steps: 51 | 52 | 1. If you don't already know it, look up your tenant ID, as described in [Find your Microsoft 365 tenant ID](/onedrive/find-your-office-365-tenant-id). 53 | 1. Sign in to the OneDrive admin center. 54 | 1. In the left pane, select **Sync**. 55 | 1. Select the **Allow syncing only on PCs joined to specific domains** checkbox, and then add the tenant ID to the list of domains. For more information, see [Allow syncing only on computers joined to specific domains](/onedrive/allow-syncing-only-on-specific-domains). 56 | 57 | > [!NOTE] 58 | > This guidance applies only to tenants in Microsoft Managed Desktop. There are other settings in use that aren't discussed in this article. 59 | -------------------------------------------------------------------------------- /managed-desktop/operate/operating-system-stop-error-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Operating system stop error report 3 | description: Provides details about the failure modules that caused an operating system stop error and impacted Microsoft managed Desktop devices in the tenant. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: vigandhi 15 | ms.date: 03/24/2023 16 | --- 17 | 18 | # Operating system stop error report 19 | 20 | This report highlights details about the failure modules that caused an operating system stop error and impacted Microsoft Managed Desktop devices in the tenant. 21 | 22 | ## Report information 23 | 24 | The table lists of operating system stop error codes observed on devices over the specified observation window. 25 | 26 | | Column name | Description | 27 | | ----- | ----- | 28 | | What failed | Failure module name that caused the operating system stop error. | 29 | | Failure module version | Version of the failure module that caused the operating system stop error. | 30 | | Devices affected | Total number of devices that were affected by the operating system stop error over the specified time period. | 31 | | Crash count | Total number of times the operating system stop error was observed over the specified time period. | 32 | 33 | ## Report options 34 | 35 | | Option | Description | 36 | | ----- | ----- | 37 | | Refresh | Select **Refresh** to ensure that the Summary dashboard view is updated to the latest available dataset within the last 24-hour period. The option to refresh the Summary dashboard is available at the top of the page. | 38 | | Time period | Select one of the following time periods:
          • Last day
          • Last 14 days
          • Last 28 days
          Then, select **Apply**. | 39 | | Export | Select **Export** at the top of the page to export data from this report into a CSV file. | -------------------------------------------------------------------------------- /managed-desktop/operate/project-visio.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices 3 | description: Info on installing Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, Microsoft Project, Microsoft Visio 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.date: 03/17/2023 12 | ms.collection: 13 | - M365-modern-desktop 14 | - tier2 15 | --- 16 | 17 | # Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices 18 | 19 | Microsoft Project and Microsoft Visio require specific steps to be installed on Microsoft Managed Desktop devices. This article documents the prerequisites and installation process for these applications. 20 | 21 | > [!IMPORTANT] 22 | > Microsoft Visio and Project licenses must be from Office 365 subscriptions. Microsoft Managed Desktop doesn’t support volume license keys (VLKs). 23 | 24 | ## Prerequisites 25 | 26 | Admins should verify that they meet these prerequisites: 27 | 28 | | Prerequisites | Description | 29 | | ------ | ------ | 30 | | License quantities | The correct amount of Microsoft Project and Microsoft Visio licenses must be available for your users. Microsoft Managed Desktop currently only supports 64-bit versions of these applications. | 31 | | License names | The appropriate license names for these applications are:
          • **Microsoft Project** - Project Online Professional or Project Online Premium
          • **Microsoft Visio** - Visio Online Plan 2
              • | 32 | | Company Portal | The Company Portal must be available in your tenant for your users to install these applications. If the Company Portal isn't deployed in your tenant, see [Company Portal](../prepare/company-portal.md). | 33 | 34 | ## Deploy Project and Visio for Microsoft Managed Desktop devices 35 | 36 | Microsoft Managed Desktop will add Microsoft Project and Microsoft Visio as two Win32 Applications in Microsoft Intune. We'll also create two groups in Microsoft Entra ID. The groups will be assigned to the corresponding application with the "Available" intent. 37 | 38 | **To deploy Project and Visio:** 39 | 40 | Add the user to the appropriate group and the application will become available in the Company Portal. It may take a few minutes to sync, but then your users can install the apps from the Company Portal. 41 | 42 | | Microsoft Entra group name | Which users to assign? | 43 | | ----- | ----- | 44 | | Modern Workplace-Office-Project_Install | Users needing Project | 45 | | Modern Workplace-Office-Visio_Install | Users needing Visio | 46 | 47 | ## Communicate changes 48 | 49 | It's important for IT administrators to let their users know how to install Project and Visio. This communication includes: 50 | 51 | - Notifying users when these applications are available to them. 52 | - Instructions on how to install these applications from the Company Portal. 53 | -------------------------------------------------------------------------------- /managed-desktop/operate/remove-devices.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Remove devices 3 | description: Remove devices from Microsoft Managed Desktop management 4 | ms.service: m365-md 5 | author: tiaraquan 6 | f1.keywords: 7 | - NOCSH 8 | ms.author: tiaraquan 9 | ms.localizationpriority: medium 10 | ms.collection: 11 | - M365-modern-desktop 12 | - tier2 13 | manager: aaroncz 14 | ms.topic: retired 15 | audience: Admin 16 | ms.date: 12/06/2022 17 | --- 18 | 19 | # Remove devices 20 | 21 | You can remove devices from Microsoft Managed Desktop management by using the admin center. This action is permanent, but you can register them with Microsoft Managed Desktop again by following the [manual registration steps](../prepare/manual-registration.md). 22 | 23 | When you remove a device, all of the following occur: 24 | 25 | - We remove the device from Autopilot. 26 | - We remove the device from all "Modern Workplace" device groups. 27 | - We remove the device from the **Devices** blade in the admin center. 28 | 29 | When you remove a device, you can also remove it from Microsoft Entra ID and Microsoft Intune. 30 | 31 | > [!CAUTION] 32 | > Removing the objects related to a device from Microsoft Entra ID and Microsoft Intune is permanent. If you remove the objects, you won't be able to view or manage the devices from the Intune and Azure portals. The devices won't be able to access their company's corporate resources. Company data might be deleted from them if the devices try to sign in after they're deleted. 33 | 34 | **To remove a device:** 35 | 36 | 1. In the **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)**, select **Devices** in the left navigation pane. 37 | 2. In the **Microsoft Managed Desktop** section, select **Devices**. 38 | 3. In the **Microsoft Managed Desktop Devices workspace**, select the devices you want to delete. 39 | 4. Select **Device actions**, and then select **Delete Device** which opens a fly-in to remove the devices. 40 | 5. In the fly-in, review the selected devices and then select **Remove devices**. If you want to also remove the Microsoft Entra ID and Intune objects at the same time, select the checkbox. Device removal can take a few minutes to complete. 41 | 42 | > [!NOTE] 43 | > You can't remove devices that are in a **pending** registration state. 44 | -------------------------------------------------------------------------------- /managed-desktop/operate/request-device-name-change.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device names and request device name changes 3 | description: How Microsoft Managed Desktop manages device names 4 | ms.service: m365-md 5 | author: tiaraquan 6 | f1.keywords: 7 | - NOCSH 8 | ms.author: tiaraquan 9 | ms.localizationpriority: medium 10 | ms.collection: 11 | - M365-modern-desktop 12 | - tier2 13 | manager: aaroncz 14 | ms.topic: retired 15 | audience: Admin 16 | ms.date: 11/18/2022 17 | --- 18 | 19 | # Device names 20 | 21 | Microsoft Managed Desktop uses Windows Autopilot, Microsoft Entra ID, and Microsoft Intune. 22 | 23 | For these services to work together seamlessly, devices need consistent, standardized names. Microsoft Managed Desktop applies the following standardized name formats when devices are enrolled: 24 | 25 | - `MMD-%RAND:11` 26 | - `[Kiosk-%RAND:9%](profiles.md#device-profile-details)`(for devices with the [Kiosk device profile](../operate/kiosk-device-profile.md) assigned) 27 | 28 | Windows Autopilot assigns these names. For more information about Autopilot, see [First-run experience with Autopilot and the Enrollment Status Page](../deploy/esp-first-run.md). 29 | 30 | ## Automated name changes 31 | 32 | If a device is renamed later, Microsoft Managed Desktop will automatically rename it to a new name in the standardized format. This process occurs every four hours. The name change takes place the next time the user restarts the device. 33 | 34 | ## Request device name change 35 | 36 | > [!IMPORTANT] 37 | > If your environment depends on specific device names (for example, to support a particular network configuration), you should investigate options to remove that dependency before enrolling in Microsoft Managed Desktop. 38 | 39 | If you must keep the name dependency, you can submit a request through the [admin center](../operate/support-request.md) to disable the renaming function and use your desired name format. 40 | -------------------------------------------------------------------------------- /managed-desktop/operate/reset-devices-factory.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Reset devices with a factory reset 3 | description: This article explains how to reset your devices with a factory reset 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | manager: aaroncz 15 | ms.topic: retired 16 | ms.date: 03/10/2023 17 | --- 18 | 19 | # Reset devices with a factory reset 20 | 21 | The Microsoft Managed Desktop Operations team can perform a factory reset of devices enrolled in the service when required. Resetting is helpful if you need to give a device to a different employee, or if an employee leaves your company. 22 | 23 | There are a few requirements: 24 | 25 | - Your global administrator must submit a [support request](../operate/support-request.md). 26 | - After receiving your global administrator's consent, the [Microsoft Managed Desktop Security Operations Team](../overview/support-teams.md#security-operations-center-team) can submit the request on your behalf. Include the device's computer name in the request. 27 | - The user account must be in the Microsoft Entra ID before we reset the device. 28 | 29 | [Microsoft Managed Desktop Operations Team](../overview/support-teams.md#service-engineering-team) will: 30 | 31 | - Look up the device name in Microsoft Intune. 32 | - Send the factory reset command to the device. 33 | 34 | > [!NOTE] 35 | > Do **not** remove the user account from Microsoft Entra ID before the device is reset. If the user isn't in Microsoft Entra ID, Intune can't send the factory reset command to the device. 36 | 37 | When the device has been reset, you can give it to a different person in your organization. None of the previous user's data or enterprise data will be on the device. The next user will go through the same process that the previous person did with a new Microsoft Managed Desktop device. 38 | 39 | The device will boot into the "out of box experience," and all preinstalled applications and settings will be applied again. The new user of the device must provide initial setup information again. 40 | 41 | BitLocker is a key component of data security in this process. With BitLocker encryption on Microsoft Managed Desktop devices, data on the drive remains secure even after the device has been factory-reset. Any data that was on the drive won't be available to the next user of the device. For more information, see [BitLocker overview](/windows/security/information-protection/bitlocker/bitlocker-overview) and [factory reset of a device](/mem/intune/remote-actions/devices-wipe#factory-reset-a-device). 42 | -------------------------------------------------------------------------------- /managed-desktop/operate/service-metrics-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Service metrics report 3 | description: How to use the service metrics report 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 02/18/2022 15 | --- 16 | 17 | # Service metrics report 18 | 19 | This report provides straightforward summaries of key metrics for Microsoft Managed Desktop month over month. 20 | 21 | This report will be published each month to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and contain aggregate information about the previous month. Historical reports will continue to be available to you through the same admin center for month-over-month comparisons. 22 | 23 | **To view the Service metrics report:** 24 | 25 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 26 | 1. Select **Reports**. 27 | 1. Navigate to the **Microsoft Managed Desktop** > **Managed devices**. 28 | 1. Select the **Reports** tab. In this view, you'll see all the types of Microsoft Managed Desktop reports available to you. 29 | 1. Select **Service reports** to see the list of service metrics reports that have been published for your tenant. Once downloaded, it can be viewed or shared with your organization offline and outside of the admin center. 30 | 31 | ## Report information 32 | 33 | Below are the data summaries provided in the report. 34 | 35 | | Data summary | Description | 36 | | ------ | ------ | 37 | | Service consumption | Learn how Microsoft Managed Desktop devices are being used in your organization. Watch this trend over time to ensure that most of your enrolled devices are Active or Synced. | 38 | | Windows feature updates | Review the distribution of feature update versions across your device estate. | 39 | |Windows quality updates | Quality updates are typically released on the second Tuesday of each month. You can see how quickly the last update was deployed to your Active devices, and review the quality update version of your entire device estate. | 40 | | Case management | Review trends for case creation, case closure, and average age based of the support request you create with our service engineers and security analysts. | 41 | | Incidents | Look at the summary stats for customer raised incidents and service raised incidents that were opened in the last month. | 42 | | Change requests | Review how many change requests your admins raised with our team last month, and see aggregate statistics on how quickly they were carried out. | 43 | | Request for information | Our team responds to requests for information in the order in which they're received (except for security related questions). You can see what categories admins are asking about the most in the last month. | 44 | | Security operations | Review the work of our security analysts to understand how many alerts they've investigated in the last month. Specific details of these cases won't be available in this report, but admins can check out alert specifics in the Microsoft 365 Security portal. | 45 | | User support | Occasionally, elevated access is required for user support scenarios in your organization. You can review the number of times the local admin password has been retrieved for your Microsoft Managed Desktop devices. | 46 | 47 | > [!NOTE] 48 | > Content included in this report may change slightly each month. We are always looking for the best way to share these details with you and will make updates to keep the most relevant information in this report. 49 | -------------------------------------------------------------------------------- /managed-desktop/operate/summary-dashboard.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Summary dashboard 3 | description: Provides a summary view of the current update status for all devices enrolled into Microsoft Managed Desktop. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | msreviewer: adnich 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Summary dashboard 19 | 20 | The Summary dashboard provides a summary view of the current update status for all devices enrolled into Microsoft Managed Desktop. 21 | 22 | **To view the current update status for all your enrolled devices:** 23 | 24 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 25 | 1. Navigate to **Reports** > **Microsoft Managed Desktop** > **Windows Quality Updates**. 26 | 27 | :::image type="content" source="../media/reports/summary-dashboard.png" alt-text="Summary dashboard" lightbox="../media/reports/summary-dashboard.png"::: 28 | 29 | > [!NOTE] 30 | > The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page. 31 | 32 | ## Report information 33 | 34 | The following information is available in the Summary dashboard: 35 | 36 | | Column name | Description | 37 | | ----- | ----- | 38 | | Quality update status | The device update state. For more information, see [Windows quality update status](../operate/reports.md#windows-quality-update-statuses). | 39 | | Devices | The number of devices showing as applicable for the state. | 40 | 41 | ## Report options 42 | 43 | The following option is available: 44 | 45 | | Option | Description | 46 | | ----- | ----- | 47 | | Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process will ensure that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. | 48 | -------------------------------------------------------------------------------- /managed-desktop/operate/teams.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Teams 3 | description: How Teams is installed on devices and updated afterwards 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation, apps, line-of-business apps, LOB apps 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | audience: ITPro 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Microsoft Teams 19 | 20 | [Teams](https://www.microsoft.com/microsoft-365/microsoft-teams/group-chat-software) is a [messaging app](https://support.microsoft.com/office/microsoft-teams-basics-6d5f52e6-5306-4096-ac24-c3082b79eaf0) that also provides a workspace for real-time collaboration and communication, meetings, and file and app sharing. 21 | 22 | ## Initial deployment 23 | 24 | Most hardware vendors don't yet include Teams as a part of their images. Microsoft Managed Desktop deploys Teams to your devices by using Microsoft Intune. All managed devices have the [Teams .msi package](/MicrosoftTeams/msi-deployment#how-the-microsoft-teams-msi-package-works) installed. The .msi package ensures all users, who sign in to a device, have Microsoft Teams ready to use. When the package first finishes installing, Teams automatically starts and adds a shortcut to the desktop. 25 | 26 | ### Microsoft Intune changes 27 | 28 | Microsoft Managed Desktop adds Microsoft Teams to your tenant: Modern Workplace - Teams Machine Wide Installer x64 29 | 30 | ## Updates 31 | 32 | Teams follows a separate update path from Microsoft 365 Apps for enterprise. The desktop client updates itself automatically. Teams checks for updates every few hours, downloads them, and then waits for the computer to be idle before silently installing the update. 33 | 34 | The Teams product group doesn't allow admins to control updates, so Microsoft Managed Desktop uses the [standard automatic update channel](/microsoftteams/teams-client-update#can-admins-deploy-updates-instead-of-teams-auto-updating). 35 | 36 | ### Manually updating Teams 37 | 38 | Individual users can also download updates. At the top right of the app, in the Profile dropdown, select **Check for updates**. If an update is available, it will be downloaded and silently installed when the computer is idle. 39 | 40 | ## Delivery optimization of updates 41 | 42 | Delivery optimization for Teams updates is turned on by default and requires no action from admins or users. 43 | -------------------------------------------------------------------------------- /managed-desktop/operate/test-windows-11.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Preview and test Windows 11 with Microsoft Managed Desktop 3 | description: How to get Windows 11 in your environment 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | manager: aaroncz 9 | ms.topic: retired 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier1 14 | ms.date: 11/18/2022 15 | --- 16 | 17 | # Preview and test Windows 11 with Microsoft Managed Desktop 18 | 19 | This article explains how to enroll and participate in the Windows 11 compatibility testing program within your Microsoft Managed Desktop environment. For more general information about Windows 11 and Microsoft Managed Desktop, see [Windows 11 and Microsoft Managed Desktop](../overview/win11-overview.md). 20 | 21 | ## Add devices to the Windows 11 test group 22 | 23 | We've created the device group (**Modern Workplace - Windows 11 Pre-Release Test Devices**) for testing and evaluating Windows 11. Despite "pre-release" in the name, devices in this group receive Windows 11 General Availability builds, and Microsoft Managed Desktop baseline configurations as they become available. They're monitored for reliability issues. 24 | 25 | You can use new devices or any existing devices for Windows 11 testing. However, you shouldn't enroll production devices in this group until you’re confident in the test devices' compatibility and overall experience. 26 | 27 | > [!IMPORTANT] 28 | > Once you've tested and upgraded your devices to Windows 11, the devices should be [**removed** from the Windows 11 Pre-Release Test Devices group](/azure/active-directory/fundamentals/how-to-manage-groups#remove-members-or-owners-of-a-group) to ensure they receive [updates](../operate/updates.md). By removing the devices from the Windows 11 Pre-Release Test Devices group, the devices will default to the assigned [deployment groups](../operate/deployment-groups.md). 29 | 30 | ## Prioritize applications to submit to the Test Base 31 | 32 | Business-critical applications are the best candidates for more validation in a closed Windows 11 environment. We can help you decide on apps for Windows 11 testing based on usage and reliability data. To request our recommendations, follow these steps: 33 | 34 | 1. Open a new support request with the Microsoft Managed Desktop Service Engineering team. If you need more info on how to file the request, see [support request](../operate/support-request.md). 35 | 2. Use these values for the fields: 36 | - Title: Windows 11 Test Base candidates 37 | - Request type: Request for information 38 | - Category: Apps 39 | - Subcategory: Other 40 | 41 | ## Report issues 42 | 43 | If you find Windows 11 compatibility issues with your line-of-business or Microsoft 365 apps, report them to us for investigation and remediation. To report an issue, follow these steps: 44 | 45 | 1. Open a new support request with the Microsoft Managed Desktop Service Engineering team. 46 | 2. Use these values for the fields: 47 | - Title: Windows 11 compatibility testing 48 | - Request type: Incident 49 | - Category: Devices 50 | - Subcategory: Windows Upgrade/Update 51 | 52 | 3. Describe the behavior and how severely it would hinder your business in a production environment. 53 | 54 | Microsoft Managed Desktop triages and handles Windows 11 issues based on the effect on productivity. When the request is opened, we'll communicate, with customer admins, to ensure issues that block user productivity are resolved before starting broader Windows 11 migrations within any given tenant. 55 | -------------------------------------------------------------------------------- /managed-desktop/operate/update-communications.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Windows quality update communications 3 | description: This article explains Windows quality and feature update communications 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.collection: 14 | - M365-modern-desktop 15 | - tier1 16 | ms.date: 01/20/2023 17 | --- 18 | 19 | # Windows quality update communications 20 | 21 | There are three categories of communication that are sent out during a Windows quality and feature update: 22 | 23 | - [Standard communications](#standard-communications) 24 | - [Communications during release](#communications-during-release) 25 | - [Incident communications](#incident-communications) 26 | 27 | Communications are posted to, as appropriate for the type of communication, to the: 28 | 29 | - Message center 30 | - Service health dashboard 31 | - Microsoft Managed Desktop messages section of the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) 32 | 33 | :::image type="content" source="../operate/media/update-communications.png" alt-text="Update communications timeline" lightbox="../operate/media/update-communications.png"::: 34 | 35 | ## Standard communications 36 | 37 | | Communication | Location | Timing | Description | 38 | | ----- | ----- | ----- | ----- | 39 | | Release schedule |
              • Message center
              • Messages blade
              • Email sent to your specified [admin contacts](../prepare/add-admin-contacts.md)
                  • | At least seven days prior to the second Tuesday of the month| Notification of the planned release window for each ring. | 40 | | Release start | Same as release schedule | The second Tuesday of every month. | Notification that the update is now being released into your environment. | 41 | | Release summary | Same as release schedule | The fourth Tuesday of every month. | Informs you of the percentage of eligible devices that were patched during the release. | 42 | 43 | ## Communications during release 44 | 45 | The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Microsoft Intune Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Microsoft Managed Desktop becomes aware of the new information. 46 | 47 | There are some circumstances where Microsoft Managed Desktop will need to change the release schedule based on new information. 48 | 49 | For example, new threat intelligence may require us to expedite a release, or we may pause due to user experience concerns. If the schedule of a quality update is changed, paused, resumed, or expedited, we'll inform you as quickly as possible so that you can adapt to the new information. 50 | 51 | ## Incident communications 52 | 53 | Despite the best intentions, every service should plan for failure and success. When there's an incident, timely and transparent communication is key to building and maintaining your trust. If insufficient numbers of devices have been updated to meet the service level objective, devices will experience an interruption to productivity and an incident will be raised. Microsoft will update the status of the incident at least once every 24 hours. 54 | -------------------------------------------------------------------------------- /managed-desktop/operate/windows-quality-update-signals.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Windows quality update signals 3 | description: This article explains the Windows quality update signals 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.collection: 14 | - M365-modern-desktop 15 | - tier1 16 | ms.date: 01/20/2023 17 | --- 18 | 19 | # Windows quality update signals 20 | 21 | Microsoft Managed Desktop monitors a specific set of signals and aims to release quality updates both quickly and safely. The service doesn't comprehensively monitor every use case in Windows. 22 | 23 | If there's a scenario that is critical to your business, which isn't monitored by Microsoft Managed Desktop, you're responsible for testing and taking any follow-up actions, like requesting to pause the release. 24 | 25 | ## Pre-release signals 26 | 27 | Before being released to the Test ring, Microsoft Managed Desktop reviews several data sources to determine if we need to send any customer advisories or need to pause the update. Situations where Microsoft Managed Desktop doesn't release an update to the Test ring are seldom occurrences. 28 | 29 | | Pre-release signal | Description | 30 | | ----- | ----- | 31 | | Windows Payload Review | The contents of the B release are reviewed to help focus your update testing on areas that have changed. If any relevant changes are detected, a [customer advisory](../operate/update-communications.md#communications-during-release) will be sent out. | 32 | | C-Release Review - Internal Signals | Microsoft Managed Desktop reviews active incidents associated with the previous C release to understand potential risks in the B release. | 33 | | C-Release Review - Social Signals | Microsoft Managed Desktop monitors social signals to better understand potential risks associated with the B release. | 34 | 35 | ## Early signals 36 | 37 | The update is released to the Test ring on the second Tuesday of the month. Those test devices will update, allowing you to conduct early testing of critical scenarios in your environment. There are also several new Microsoft internal signals that have become available to the service that are monitored throughout the release. 38 | 39 | | Device reliability signal | Description | Microsoft will | 40 | | ----- | ----- | ----- | 41 | | Security Risk Profile | As soon as the update is released, the criticality of the security content is assessed. |
                  • Consider expediting the release
                  • Update customers with a risk profile
                  42 | | B-Release - Internal Signals | Microsoft Managed Desktop reviews any active incidents associated with the current release. |
                  • Determine if a customer advisory is necessary
                  • Pause the release if there's significant user impact
                  | 43 | | B-Release - Social Signals | Microsoft Managed Desktop monitors social signals to understand risks associated with the release. | Determine if a customer advisory is necessary | 44 | 45 | ## Device reliability signals 46 | 47 | Microsoft Managed Desktop monitors devices for a set of core reliability metrics as a part of the service. 48 | 49 | The service then uses statistical models to assess if there are significant differences between the two Windows versions. To make a statistically significant assessment, Microsoft Managed Desktop requires that at least 500 devices in your tenant have upgraded to the new version. 50 | 51 | As more devices update, the confidence of the analysis increases and gives us a clearer picture of release quality. If we determine that the user experience is impaired, MIcrosoft Managed Desktop will either post a customer advisory or pause the release, depending on the criticality of the update. 52 | 53 | Microsoft Managed Desktop monitors the following reliability signals: 54 | 55 | | Device reliability signal | Description | 56 | | ----- | ----- | 57 | | Blue screens | These events are highly disruptive to end users. These events are closely monitored. | 58 | | Overall app reliability | Tracks the total number of app crashes and freezes on a device. A known limitation with this measure is that if one app becomes 10% more reliable and another becomes 10% less reliable then it shows up as a flat line in the measure. | 59 | | Microsoft Office reliability | Tracks the number of Office crashes and freezes per application per device. | 60 | | Microsoft Edge reliability | Tracks the number of Microsoft Edge crashes and freezes per device. | 61 | | Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. | 62 | 63 | When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Microsoft Managed Desktop can detect regressions that are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers. 64 | -------------------------------------------------------------------------------- /managed-desktop/overview/core-applications.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Core applications 3 | description: This article lists the core apps used in Microsoft Managed Desktop. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Core applications 18 | 19 | ## Office 365 E3 or E5 20 | 21 | The following apps are included in Microsoft Managed Desktop 22 | 23 | | Product | Information | 24 | | ----- | ----- | 25 | | Microsoft 365 Apps for enterprise (64-bit) | The following Office applications will be shipped with the device:
                  • Word
                  • Excel
                  • PowerPoint
                  • Outlook
                  • Publisher
                  • Access
                  • Skype for Business
                  • OneNote

                  The 64-bit full versions of Microsoft Project and Microsoft Visio aren't included. However, since the installation of these applications depends on the Microsoft 365 Apps for Enterprise installation, Microsoft Managed Desktop created default Microsoft Intune deployments, and security groups that you can use to deploy these applications to licensed users. For more information, see [Install Microsoft Project or Microsoft Visio on Microsoft Managed Desktop devices](../operate/project-visio.md). | 26 | | OneDrive | Microsoft Entra Single Sign On is enabled for users when they first sign in to OneDrive.

                  Known Folder Redirection for Desktop, Document, and Pictures folders are included. These folders are enabled and configured by Microsoft Managed Desktop. | 27 | | Store Apps | Microsoft Sway and Power BI aren't shipped with the device. These apps are available for download from Microsoft Store. | 28 | | Win32 Applications | Teams isn't shipped with the device, but it's packaged and provided by Microsoft for Microsoft Managed Desktop devices. Azure Information Protection Client isn't shipped with the device, but you can have it packaged for deployment. | 29 | | Web Applications | The following web applications aren't shipped with the device:
                  • Viva Engage
                  • Office in a browser
                  • Delve
                  • Flow
                  • StaffHub
                  • Power Apps
                  • Planner

                  Users can access the web version of these applications with a browser. | 30 | -------------------------------------------------------------------------------- /managed-desktop/overview/device-services.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Managed Desktop device services 3 | description: This article lists device services and limitation for Microsoft Managed Desktop. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Microsoft Managed Desktop device services 18 | 19 | This article lists the services and service limitations for Microsoft Managed Desktop devices. 20 | 21 | ## Device services 22 | 23 | Microsoft will provide the following services for Microsoft Managed Desktop devices. For a list of recommended Microsoft Managed Desktop program devices, filter for Microsoft Managed Desktop on the [Shop Windows Pro business devices](https://www.microsoft.com/windows/business/devices) page. 24 | 25 | | Service | Description | 26 | | ----- | ----- | 27 | | Support | Support agents will answer questions directly related to device functionality and diagnose device issues. 28 | | Inventory | All devices are tracked in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) for inventory and status. 29 | | Firmware and driver updates | By default, Microsoft Managed Desktop devices receive firmware and driver updates from Windows Update.

                  Not all hardware partners deploy their updates via Windows Update. Updates not published as Automatic require an exception and must be deployed by the customer. 30 | | Accessories | Accessories that come with your device are covered by the same services as the device itself, but warranty terms may differ. Refer to the warranty terms when selecting your devices. 31 | | Device setup | Devices will be pre-configured with the current version of Windows and receive their apps and configurations via the cloud. 32 | 33 | For information on device replacement, upgrades, and support terms, see your agreement with your device provider and your warranty terms. 34 | 35 | For information on Surface warranties and repairs: 36 | 37 | - [Surface for Business Help Center](https://support.microsoft.com/hub/4339296/surface-for-business-help) 38 | - [Warranties, extended service plans, and terms and conditions for your device](https://support.microsoft.com/help/4040687/info-about-warranties-extended-service-plans-and-terms-conditions) 39 | 40 | ## Device service limitations 41 | 42 | Microsoft won't provide service for these items: 43 | 44 | | Service | Description | 45 | | ----- | ----- | 46 | | Personalization | Devices and accessories provided with the service are unable to be customized.

                  All devices and accessories are provided with standard branding, specification, and color combinations. Application deployment and policy configurations are handled through IT-as-a-Service. 47 | | Data recovery | User and team data, including personalization, is stored in OneDrive for Business, with only the cache data residing locally.

                  If data is intentionally stored on the device's internal storage system, any data recovery must be attempted, and completed prior to returning the device to Microsoft. 48 | | Device setup | Devices are delivered to the customer address. The device must be powered on and set up by the customer. 49 | -------------------------------------------------------------------------------- /managed-desktop/overview/regions-languages.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Supported regions 3 | description: Regions supported by Microsoft Managed Desktop 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | ms.localizationpriority: medium 11 | ms.collection: 12 | - M365-modern-desktop 13 | - tier2 14 | manager: aaroncz 15 | ms.topic: retired 16 | audience: Admin 17 | ms.date: 12/06/2022 18 | --- 19 | 20 | # Supported regions 21 | 22 | This article provides details about which regions support Microsoft Managed Desktop. 23 | 24 | You can still use managed devices outside of these regions without interruption to the Microsoft Managed Desktop service. For example, an employee in the United Kingdom can work securely and receive updates on their managed device while traveling to Asia, Europe, or South America. 25 | 26 | For more information about languages supported by Microsoft Managed Desktop, see [Localize devices for users](../deploy/localization.md). 27 | 28 | For more information about user support with Microsoft Managed Desktop, see [Support for Microsoft Managed Desktop](../operate/support-request.md). 29 | 30 | ## Service availability 31 | 32 | Organizations in the following countries can subscribe to Microsoft Managed Desktop: 33 | 34 | - United States 35 | - Canada (excluding Quebec) 36 | - United Kingdom 37 | - Ireland 38 | - Belgium 39 | - Luxembourg 40 | - Netherlands 41 | - Sweden 42 | - Finland 43 | - Norway 44 | - Denmark 45 | - Iceland 46 | - Australia 47 | - New Zealand 48 | -------------------------------------------------------------------------------- /managed-desktop/overview/security-operations.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Security operations 3 | description: Services and processes provided by the Security Operations Center 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | - essentials-security 12 | ms.author: tiaraquan 13 | manager: aaroncz 14 | ms.topic: retired 15 | ms.date: 03/10/2023 16 | --- 17 | 18 | # Security operations 19 | 20 | The Microsoft Managed Desktop Security Operations Center (SOC) partners with your information security staff to keep your desktop environment secure. Our [Service Engineering Team](../overview/support-teams.md#service-engineering-team) receives and responds to all security alerts on managed devices with expert analysis. When needed, we drive security incident response activities. For more information about working with the SOC, review operational documentation in your [admin portal](https://aka.ms/mmd-STP-processflows). 21 | 22 | Our [Security Operations Center (SOC) Team](../overview/support-teams.md#security-operations-center-team) offers 24/7/365 coverage with expertise in the current and emerging threat landscape, including common attack methods through software, network, or human adversaries. 23 | 24 | Our SOC team provides the following services: 25 | 26 | | Service | Description | 27 | | ------ | ------ | 28 | | Quick response to detected events |
                  • Respond to alerts received from Microsoft Managed Desktop devices
                  • Analyze event to identify the impact
                  • Assess the overall risk to a device or Microsoft Managed Desktop environment
                  • Determine if a security incident occurred
                  29 | | Drive the security incident response |
                  • Protect the Microsoft Managed Desktop environment from known or suspected compromises
                  • Reduce the compromise risk by preventing spread
                  • Ensure timely and accurate communication with your [security team](../prepare/add-admin-contacts.md)
                  • Provide analysis and recommendations based on events and risks
                  | 30 | | [Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview) |
                  • Provide analysis and recommendations based on events and risks
                  • Customized detections and alert suppression, across managed devices, are part of on-demand indicators and entities for both known and potential threats | 31 | 32 | ## Processes 33 | 34 | | Process | Description | 35 | | ------ | ------ | 36 | | Microsoft Managed Desktop Security Operations Center (SOC) | Microsoft Managed Desktop Security Operations is staffed by full-time Microsoft employees in partnership with Microsoft's [Cyber Defense Operations Center](https://www.microsoft.com/msrc/cdoc). Our [SOC](../overview/support-teams.md#security-operations-center-team) uses collective signals from across our company, both internal and external, to protect your devices—even from things we haven't yet seen in Microsoft Managed Desktop. | 37 | | Microsoft Managed Desktop security solutions | Microsoft security solutions align to many cybersecurity protection standards. SOC operations are based on the National Institute of Standards and Technology Computer Security Incident Response Handling Guide (NIST 800-61 r2).

                    The process allows for:

                    • Proper collection of information and evidence
                    • Analysis and documentation
                    • Post-recovery insights to better defend your environment through the following phases:
                      • Preparation, detection, and analysis
                      • Containment
                      • Eradication
                      • Recovery
                      • Post-incident activity

                    | 38 | | Microsoft Defender Threat Experts Service | Microsoft Managed Desktop customers are eligible to enroll in the Microsoft Defender Experts - Endpoint Attack Notification service. The [SOC Team](../overview/support-teams.md#security-operations-center-team) liaises with this service to understand better the complex threats affecting the Microsoft Managed Desktop environment, including:
                    • Alert inquiries
                    • Potentially compromised devices
                    • Root cause of a suspicious network connection
                    • Other threat intelligence regarding ongoing advanced persistent threat campaigns.
                    For more information, see [Microsoft Threat Experts](/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts).| 39 | -------------------------------------------------------------------------------- /managed-desktop/overview/support-teams.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Managed Desktop support teams 3 | description: This article describes the SE and SOC teams in Microsoft Managed Desktop 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/10/2023 15 | --- 16 | 17 | # Microsoft Managed Desktop support teams 18 | 19 | There are two Microsoft Managed Desktop teams to support your organization. 20 | 21 | ## Service Engineering team 22 | 23 | The Service Engineering (“operations”) team operates the Microsoft Managed Desktop service including responding to [support requests](../operate/support-request.md) such as: 24 | 25 | - Incidents 26 | - Requests for information 27 | - Change requests 28 | 29 | For a general description of the service, see [Microsoft Managed Desktop service plan description](../overview/service-plan.md#service-plan-description). 30 | 31 | For information, see [standard operating procedures](../overview/standard-operating-procedures.md). 32 | 33 | ## Security Operations Center team 34 | 35 | Our Security Operations Center (SOC) team protects Microsoft Managed Desktop devices including monitoring security threats, responding to security alerts, and managing security incidents. 36 | 37 | For more information, see [security technologies](../overview/security-technologies.md) to learn about the technologies we use to secure the services. [Security operations](../overview/security-operations.md) describes the security-related processes we use. 38 | -------------------------------------------------------------------------------- /managed-desktop/overview/tenant-access.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Tenant access and service accounts 3 | description: This article describes how Microsoft Managed Desktop uses service and/or guest accounts to access your tenant 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/10/2023 15 | --- 16 | 17 | # Tenant access and service accounts 18 | 19 | To successfully use the Microsoft Managed Desktop service, we require a service account and a temporary guest account to be created in your “tenant”. 20 | 21 | The [Microsoft Managed Desktop Operations team](../overview/support-teams.md) will request one-time access to your tenant to operate the Microsoft Managed Desktop service and help you secure your tenant. This article explains how Microsoft Managed Desktop accesses your tenant to operate the service. 22 | 23 | ## Service account access 24 | 25 | Microsoft Managed Desktop creates different service accounts during the enrollment process. 26 | 27 | These accounts remain active while using the service. Microsoft Managed Desktop service engineers exclusively use interactive and non-interactive accounts to perform the service, together with mandatory controls. 28 | 29 | ### Examples of how Microsoft Managed Desktop uses service accounts 30 | 31 | - The [Microsoft Managed Desktop Service Engineering team](../overview/support-teams.md#service-engineering-team) accesses the interactive account through the Microsoft Intune admin center and uses it to change the security policy setting. 32 | - The [Microsoft Managed Desktop Secure Operations Centers (SOC) team](../overview/support-teams.md#security-operations-center-team) will use an interactive account to access the Microsoft Defender XDR security portal to perform auditing needs with read-only privilege. 33 | - The Microsoft Managed Desktop service uses non-interactive accounts to make automated changes. One example would be when a service engineer needs to update a deployment or configuration or perform other changes through a partner API. 34 | 35 | ## Guest account access 36 | 37 | Microsoft Managed Desktop uses guest account access during two types of events in your Microsoft Entra organization: 38 | 39 | - During enrollment, the required groups are created by the service software. 40 | - When access to your Microsoft Entra organization is required, a service engineer’s operational account is elevated from being a user in the Microsoft.com tenant to one of the role groups in your tenant. 41 | 42 | Guest account access is temporary and requires Two-Key completion, whereby anyone on the [Microsoft Managed Desktop Service Engineering or SOC teams](../overview/support-teams.md) is allowed to approve the request. 43 | 44 | We’ll send an email to the Microsoft Managed Desktop Service Engineering team alias to request a second person to approve the request. Once approved, an approval notification email is sent to the requester. For more information on guest account settings, see [Guest account prerequisites](../prepare/guest-accounts.md). 45 | -------------------------------------------------------------------------------- /managed-desktop/prepare/add-admin-contacts.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Add and verify admin contacts in the Admin portal 3 | description: Tell us who to contact for each area of focus. 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Add and verify admin contacts in the admin center 18 | 19 | There are several ways that Microsoft Managed Desktop service communicates with customers. To streamline communication and ensure we're checking with the right people, you must provide a set of admin contacts. Microsoft Managed Desktop IT Operations will contact these people for assistance with fixing issues. 20 | 21 | > [!IMPORTANT] 22 | > You might have already added these contacts in the admin center. If so, take a moment now to double-check that the contact list is accurate, since Microsoft Managed Desktop **must** be able to reach them if a severe incident occurs. 23 | 24 | ## Admin contact areas of focus 25 | 26 | Admin contacts should be the best person or group that can answer questions and make decisions for different areas of focus. **Microsoft Managed Desktop Operations will contact these Admin contacts for questions involving support requests filed by the customer.** These Admin contacts will receive notifications for support request updates and new messages. These areas include: 27 | 28 | | Area of focus | For questions about | 29 | | ----- | ----- | 30 | | App packaging | Fixing app packaging. | 31 | | Devices | Device health | 32 | | Security | Fixing security issues with Microsoft Managed Desktop devices. | 33 | | IT help desk | In cases where our support staff hands over user tickets outside of Microsoft Managed Desktop support areas. | 34 | | Other | For issues not covered by other areas. | 35 | 36 | > [!IMPORTANT] 37 | > **Whoever you choose for these contacts must have the knowledge and authority to make decisions for your Microsoft Managed Desktop environment.** 38 | 39 | When you onboard your Microsoft Managed Desktop environment, you're prompted to add contacts for your local Helpdesk and Security. 40 | 41 | Admin contacts are required when you [submit a Support request](../operate/support-request.md). You must have an admin contact for the focus area of the Support request. 42 | 43 | **To add admin contacts:** 44 | 45 | 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 46 | 1. Under **Tenant administration**, in the **Microsoft Managed Desktop** section, select **Admin contacts**. 47 | 1. Select **Add**. 48 | 1. Select an **Area of focus** and enter the info for the contact. 49 | 50 | ![the list of areas of focus, such as Other, Apps, and Security.](../media/areaoffocus.png) 51 | 52 | 1. Repeat for each area of focus. 53 | -------------------------------------------------------------------------------- /managed-desktop/prepare/app-requirements.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: App requirements 3 | description: Management tools we use 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | ms.localizationpriority: medium 9 | ms.collection: 10 | - M365-modern-desktop 11 | - tier1 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/17/2023 15 | --- 16 | 17 | # App requirements 18 | 19 | 20 | 21 | 22 | 23 | Microsoft Managed Desktop requires that we manage devices using a specific approach to optimize for reliability and serviceability of devices. 24 | 25 | | Management area | Microsoft Managed Desktop approach | 26 | | ----- | ----- | 27 | | Device configuration or policy management | Microsoft Intune | 28 | | Application management | Microsoft Intune and Company Portal | 29 | | Application deployment | For more information, see:
                    • [App control](../prepare/app-control.md)
                    • [Deploy apps](../deploy/deploy-apps.md)
                    • [Autopilot into co-management](../prepare/autopilot-co-management.md)
                    | 30 | | Driver deployment | Drivers included with the device, Windows Update, or Intune. | 31 | | Device security | See [Device security](../overview/security-technologies.md#device-security). | 32 | | Identity and access management | See [Identity and access management](../overview/security-technologies.md#identity-and-access-management). | 33 | | Network security | See [Network security](../overview/security-technologies.md#network-security). | 34 | | Information security | See [Information security](../overview/security-technologies.md#information-security). | 35 | | Data recovery | OneDrive for Business | 36 | | Core productivity | Microsoft 365 Apps for enterprise | 37 | | Browser | Microsoft Edge | 38 | 39 | Microsoft Managed Desktop reserves the right to monitor devices and software for negative or reduced performance. If any software negatively affects device management, device security, performance, or reliability, you might be required to [request an exception to the service plan](../overview/exceptions-to-service-plan.md). 40 | -------------------------------------------------------------------------------- /managed-desktop/prepare/company-portal.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Install the Intune Company Portal on devices 3 | description: Info on installing company portal app on Microsoft Managed Desktop devices 4 | keywords: Microsoft Managed Desktop, Microsoft 365, Company Portal 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 03/17/2023 15 | --- 16 | 17 | # Install the Intune Company Portal on devices 18 | 19 | Microsoft Managed Desktop requires the Intune Company Portal on Microsoft Managed Desktop enrolled devices. If the app hasn’t been added to your tenant, Microsoft Managed Desktop will add the app to your tenant during enrollment. 20 | 21 | The benefits to your organization include: 22 | 23 | - One place to browse and install available applications. 24 | - IT administrators can organize applications by categories for their users. 25 | - Deploy apps like [Microsoft Project and Microsoft Visio](../operate/project-visio.md) with Microsoft Managed Desktop. 26 | -------------------------------------------------------------------------------- /managed-desktop/prepare/device-requirements.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Device requirements 3 | description: Summary of the minimum hardware and software requirements for devices to work with Microsoft Managed Desktop 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Device requirements 18 | 19 | Microsoft Managed Desktop regularly evaluates device requirements to be included in the service. This article describes the hardware and software requirements a device must meet in order to work with Microsoft Managed Desktop. 20 | 21 | You can review a list of specific devices already approved for use based on these requirements. Filter for Microsoft Managed Desktop in the [Shop Windows Pro business devices](https://www.microsoft.com/windows/business/devices) page. 22 | 23 | > [!NOTE] 24 | > These requirements can change at any time, but we'll provide 30 days notice of any hardware requirement changes. The requirements most recently changed are marked with \*. 25 | 26 | ## Check hardware requirements 27 | 28 | Besides reviewing device specs, you can also use the downloadable [readiness assessment checker](../prepare/readiness-assessment-downloadable.md) to verify that the device meets the necessary requirements. 29 | 30 | This tool also checks network settings and endpoints that are necessary for the service to work. 31 | 32 | ## Minimum requirements 33 | 34 | To be enrolled in Microsoft Managed Desktop, a device must meet or exceed all of these requirements. 35 | 36 | ### Manufacturer 37 | 38 | The device must have been made by one of these manufacturers: 39 | 40 | - Dell 41 | - HP 42 | - Lenovo 43 | - Microsoft 44 | 45 | > [!NOTE] 46 | > As of Mar 01, 2022, devices managed by Microsoft Managed Desktop must be supported by the OEM.

                    Work with your OEM to find out when devices in your portfolio will reach end of life support. Customers will be responsible for ensuring devices are replaced prior to end of life support. Any devices falling outside of OEM support will continue to be managed by Microsoft Managed Desktop, but support for these devices may be limited as they are at risk of security and performance issues that may not be mitigated by our service. 47 | 48 | 49 | ### Installed software 50 | 51 | The device must have this software preinstalled: 52 | 53 | - \* Windows 10 or Windows 11: Enterprise, Pro, or Pro Workstation edition. 54 | - 64-bit version of Microsoft 365 Apps for Enterprise. 55 | - All applicable device drivers. 56 | 57 | ### Physical features 58 | 59 | Devices must have these capabilities: 60 | 61 | - Enabled for UEFI secure boot. 62 | - Trusted Platform Module 2.0. 63 | - Capable of Virtualization-based security. 64 | - [Hypervisor-protected code integrity](/windows-hardware/drivers/bringup/device-guard-and-credential-guard) supported by the BIOS. 65 | 66 | For more about these capabilities and the technologies related to them that the service uses, see [Microsoft Managed Desktop technologies](../overview/operating-system.md). 67 | 68 | > [!NOTE] 69 | >- ARM processors aren't supported. 70 | >- \* Windows 11 has additional [hardware requirements](/windows/whats-new/windows-11-requirements). 71 | 72 | Devices should meet or exceed following limits for storage and memory: 73 | 74 | - Boot drive must be any type other than a hard disk. For example, SSD, NVMe, and eMMC drives are all valid choices. 75 | - Boot drive must have a capacity of at least 128 GB. 76 | - Internal device memory (RAM) must equal or exceed 8 GB. 77 | 78 | If the device was made after July 1, 2020, it should also have an IR camera, fingerprint reader, or both, in order to support [Windows Hello](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security). 79 | 80 | ## Recommended features 81 | 82 | Your users will have a much better experience if you choose devices that have these features: 83 | 84 | - Either an Intel vPro-platform processor or an AMD Ryzen Pro processor. 85 | - Boot drive of the SSD type with a capacity of at least 256 GB. 86 | - Internal device memory (RAM) of at least 16 GB. 87 | - Support for Modern Standby. 88 | - Device is of Secured-core PC type. 89 | - Supports Kernel DMA Protection. 90 | -------------------------------------------------------------------------------- /managed-desktop/prepare/enroll-your-tenant.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Enroll your tenant 3 | description: Info on how to enroll the tenant into the service 4 | keywords: Microsoft Managed Desktop, Microsoft 365, Company Portal 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Enroll your tenant 18 | 19 | > [!NOTE] 20 | > You must be logged in as a Global Administrator to complete enrollment. For more information, see [access the admin center](../prepare/access-admin-center.md) for details. 21 | 22 | Once your tenant has been enabled for enrollment, open [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to **Tenant Administration**. In the **Microsoft Managed Desktop** section, select **Tenant enrollment**. Then, follow the prompts to enroll your tenant with Microsoft Managed Desktop. 23 | -------------------------------------------------------------------------------- /managed-desktop/prepare/enterprise-state-roaming.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Enable Enterprise State Roaming 3 | description: This article describes how to enable enterprise state roaming 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier2 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | ms.date: 12/06/2022 15 | --- 16 | 17 | # Enable Enterprise State Roaming 18 | 19 | [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) lets users securely synchronize user and application settings data to the cloud. This means they'll have the same experience no matter which Windows device they sign into. For example, if you replace one of their Microsoft Managed Desktop devices with a new device, it will look and behave exactly the same as the last one. 20 | 21 | Enterprise State Roaming is an optional feature for the Microsoft Managed Desktop service that you can configure for your users. It isn't included or managed as part of Microsoft Managed Desktop. 22 | 23 | To enable Enterprise State Roaming, follow the steps in [Enable Enterprise State Roaming in Microsoft Entra ID](/azure/active-directory/devices/enterprise-state-roaming-enable). 24 | 25 | >[!NOTE] 26 | >If you enable Enterprise State Roaming, your preferred language list will overwrite the language selected during device setup. Although users can fix this easily, it could cause an inconsistent localization experience initially. Determine if Enterprise State Roaming is right for your users before setting up devices. 27 | -------------------------------------------------------------------------------- /managed-desktop/prepare/mapped-drives.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Prepare mapped drives 3 | description: Important steps to make sure users can access data on mapped drives 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | ms.localizationpriority: medium 9 | ms.collection: 10 | - M365-modern-desktop 11 | - tier2 12 | manager: aaroncz 13 | ms.topic: retired 14 | audience: Admin 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Prepare mapped drives 19 | 20 | Many enterprise environments have legacy requirements for mapped drives to allow their users or teams to share and store files, or for on-premises applications. 21 | 22 | Microsoft doesn't recommend the use of mapped drives with the Microsoft Managed Desktop. Instead, we recommend that you modernize your file access solutions as follows: 23 | 24 | - Migrate mapped drives used by individual users to OneDrive for Business. 25 | - Migrate mapped drives used by teams to share files to SharePoint Online. 26 | - Modernize or replace any applications that use on-premises file shares to remove that requirement. 27 | 28 | Modernizing these services will allow the best user experience with Microsoft Managed Desktop. Microsoft FastTrack Services can assist you in modernizing your environment by using Microsoft Cloud Services. You can check whether you're eligible for FastTrack services at [Eligible Services and Plans](/fasttrack/m365-eligible-services-and-plans). Then, contact them directly to prepare for Microsoft Managed Desktop. For more information about FastTrack OneDrive for Business or SharePoint Online Migration, see [Data Migration](/fasttrack/o365-data-migration). 29 | 30 | ## Mapped drives on Microsoft Managed Desktop 31 | 32 | If you can't remove or replace mapped drives for some use cases, you should [submit a support request](../operate/support-request.md) to have them deployed to Microsoft Managed Desktop users. 33 | 34 | For such a request, you must provide the following details in the support request: 35 | 36 | - All UNC paths to file share locations that will need to be mapped for Microsoft Managed Desktop devices. 37 | - User groups that require access to these file share locations. 38 | - Any specific drive letter that needs to be assigned (if necessary). 39 | 40 | For example: 41 | 42 | | Drive letter | UNC path | User group | 43 | |--------------|----------|------------| 44 | | X: | \\\server\share\Marketing | ContosoMarketing | 45 | 46 | It's entirely your responsibility to: 47 | 48 | - Ensure that users and groups have, and maintain, the right permissions to access file share locations 49 | - Have the on-premises file services accessible. 50 | 51 | You should remove your requirements for such file shares as soon as possible. 52 | 53 | **To have mapped drives deployed in Microsoft Managed Desktop:** 54 | 55 | Make sure that mapped drives can't be avoided and you've carefully reviewed the requirements before submitting any support request. 56 | 57 | 1. Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and select **Troubleshooting + support**. 58 | 1. In the **Microsoft Managed Desktop** section, select **Service requests**. 59 | 1. Submit a support request titled "Mapped drives deployment" and provide all the required file share details. 60 | 1. Microsoft Managed Desktop IT Operations will advise, by using support request updates, when the request has been completed. Initially this configuration will only be deployed to devices in the Test deployment group. 61 | 1. You must test and confirm whether the configuration deployed by the Microsoft Managed Desktop IT Operations works as you expect. 62 | 1. In the same support request, reply using the **Discussion** tab to notify Microsoft Managed Desktop IT Operations once you've completed your testing. 63 | 1. Microsoft Managed Desktop IT Operations team will then deploy the configuration to the other deployment groups. 64 | -------------------------------------------------------------------------------- /managed-desktop/prepare/prepare-devices-for-registration.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Prepare devices for registration 3 | description: Prepare new devices or reuse existing ones that qualify 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | ms.localizationpriority: medium 9 | ms.collection: 10 | - M365-modern-desktop 11 | - tier1 12 | manager: aaroncz 13 | ms.topic: retired 14 | audience: Admin 15 | ms.date: 07/29/2022 16 | --- 17 | 18 | # Prepare devices for registration 19 | 20 | You can use both new and existing devices in Microsoft Managed Desktop. 21 | 22 | ## Obtain new devices 23 | 24 | We recommend working with one of our approved device partners. You can work with your Microsoft account contact for more help setting up a device partnership. 25 | 26 | **To obtain new devices:** 27 | 28 | 1. Review the list of currently recommended devices by filtering for Microsoft Managed Desktop in the [Shop Windows Pro business devices](https://www.microsoft.com/windows/business/devices) site. 29 | 1. Order one or a few examples of the devices you want to use with a compliant image. Ordering might require [specific ordering steps](../prepare/device-images.md). 30 | 1. [Validate](../deploy/validate-device.md) the example devices. 31 | 1. After successful validation, order the devices, working with an approved device partner. 32 | 1. Once they've arrived, either: 33 | - [Manually register](../prepare/manual-registration.md). 34 | - Work with a partner to register the devices. 35 | 1. [Get your users ready](../deploy/get-started-devices.md) to use Microsoft Managed Desktop devices. 36 | 37 | ## Reuse existing devices 38 | 39 | > [!IMPORTANT] 40 | >Check that your existing devices meet our [device requirements](../prepare/device-requirements.md). You can also use the downloadable [readiness assessment checker](../prepare/readiness-assessment-downloadable.md) to verify that a given device meets the necessary requirements.

                    If you reuse an existing device, you may have to reimage it. For image options, see [Device images](../prepare/device-images.md). 41 | 42 | **To reuse existing devices:** 43 | 44 | 1. Select one or a few examples of the devices you want to reuse, and then [validate them](../deploy/validate-device.md). 45 | 1. After successful validation, either: 46 | - [Manually register existing devices](../prepare/manual-registration-existing-devices.md). 47 | - Work with a partner to register the devices. 48 | 1. [Get your users ready](../deploy/get-started-devices.md) to use Microsoft Managed Desktop devices. 49 | -------------------------------------------------------------------------------- /managed-desktop/prepare/printing.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Prepare printing resources 3 | description: Important steps to make sure printing work smoothly 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.author: tiaraquan 8 | ms.localizationpriority: medium 9 | ms.collection: 10 | - M365-modern-desktop 11 | - tier2 12 | manager: aaroncz 13 | ms.topic: retired 14 | audience: Admin 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Prepare printing resources 19 | 20 | As you get ready to enroll in Microsoft Managed Desktop, you should evaluate your printing requirements and determine the right approach for your environment. You have three options: 21 | 22 | | Option | Description | 23 | | ------ | ------ | 24 | | Deploy the Microsoft Universal Print solution | The Microsoft Universal Print solution to make it easy for Microsoft Managed Desktop devices to discover printers. For more information, see [What is Universal Print](/universal-print/fundamentals/universal-print-whatis). | 25 | | Deploy printers directly by using a custom PowerShell script | Follow the steps in the [Set up local printers](#set-up-local-printers) section. | 26 | | Use a non-Microsoft cloud printing solution | Use a non-Microsoft cloud printing solution that is compatible with Windows 10 devices and joined to a Microsoft Entra domain. The solution must meet the software requirements for Microsoft Managed Desktop. For more information, see [Microsoft Managed Desktop app requirements](../prepare/app-requirements.md). | 27 | 28 | In all the above options, if the printer drivers aren't available from Microsoft Update or the Microsoft Store, you must obtain them yourself, and have them packaged for deployment to your Microsoft Managed Desktop devices with Microsoft Intune. For more, see [Intune Standalone - Win32 app management](/mem/intune/apps/apps-win32-app-management) 29 | 30 | ## Set up local printers 31 | 32 | The following instructions assume you've prepared the printing resources and decided to deploy printers using a custom PowerShell script. 33 | 34 | **To deploy printers using a custom PowerShell script:** 35 | 36 | 1. Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 37 | 1. Submit a request labeled *Printer deployment* in the **Support > Support requests** section of the admin center. 38 | 1. Provide the following details: 39 | - All UNC paths to shared printer locations that must be deployed for Microsoft Managed Desktop devices. 40 | - User groups that require access to these shared printers. 41 | 1. Using the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), we'll let you know when the request has been completed. Initially we'll only deploy the configuration to devices in the Test deployment group. 42 | 1. Test and confirm whether the configuration works as you expect. 43 | 1. Reply by using the **Discussion** tab in the support request to let us know when you've completed your testing. 44 | 1. We'll then deploy the configuration to the other deployment groups. 45 | -------------------------------------------------------------------------------- /managed-desktop/prepare/readiness-assessment-downloadable.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Run the readiness assessment tools 3 | description: Checks device and network settings, including required endpoints 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | ms.localizationpriority: medium 8 | ms.collection: 9 | - M365-modern-desktop 10 | - tier1 11 | ms.author: tiaraquan 12 | manager: aaroncz 13 | ms.topic: retired 14 | audience: Admin 15 | ms.date: 12/06/2022 16 | --- 17 | 18 | # Run the Device readiness assessment tool 19 | 20 | To work well with Microsoft Managed Desktop, devices must meet certain requirements for hardware and settings. Each device must be able to reach key endpoints. 21 | 22 | ## Step 1: Download the Device readiness assessment tool 23 | 24 | Download the .zip file from ``https://aka.ms/mmddratoolv0``. 25 | 26 | > [!NOTE] 27 | > The user running the tool must have local Administrator rights on the device where they're running it. 28 | 29 | Download and run the Device readiness assessment tool to obtain an HTML report, view results, and take action. You must download the tool and supporting files. Then, run it manually on each device you want to enroll in Microsoft Managed Desktop. 30 | 31 | ## Step 2: Run the Device readiness assessment tool and review the results 32 | 33 | **To run the Device readiness assessment tool:** 34 | 35 | 1. Copy the downloaded .zip file to each device you want to check. 36 | 2. Extract all files in the compressed download. 37 | 3. Run **Microsoft.MMD.DeviceReadinessAssessmentTool.exe**. 38 | 4. When the User Access Control prompt appears, select **Yes**. The tool runs and opens a report in your default browser. 39 | 40 | You could also download and extract the .zip archive to a shared location, access **Microsoft.MMD.DeviceReadinessAssessmentTool.exe** from each device. Then, run it locally. 41 | 42 | ### Review the Device readiness assessment tool results 43 | 44 | For each device readiness assessment check, the tool will report one of three possible results: 45 | 46 | | Result | Meaning | 47 | | ----- | ----- | 48 | | Ready | No action is required before you complete enrollment. | 49 | | Advisory | Follow the steps in the tool for the best experience with enrollment and for users.

                    You *can* complete enrollment, but you must fix these issues before you deploy your first device. | 50 | | Not ready | **Enrollment will fail** if you don't fix these issues.

                    Follow the steps in the tool to resolve them. | 51 | 52 | #### Device and network requirements 53 | 54 | The Device readiness assessment checker checks these device and network-related requirements: 55 | 56 | | Check | Description | 57 | | ----- | ----- | 58 | | Hardware | Devices must meet specific hardware requirements to work with Microsoft Managed Desktop. For more information, see [Device requirements](../prepare/device-requirements.md).

                    If your device fails any of the checks, it's not compatible with Microsoft Managed Desktop. | 59 | | Network endpoints | Devices much be able to reach several [key endpoints](../prepare/network.md) to work with Microsoft Managed Desktop.

                    If the tool reports a **Not ready** result, see the detailed report to find out which endpoints weren't reachable. Then, adjust your firewall or other network settings to ensure those endpoints can be reached. | 60 | 61 | #### Other settings 62 | 63 | | Setting | Description | 64 | | ----- | ----- | 65 | | Enterprise Wi-Fi profiles | An **Advisory** result means that you're using some Wi-Fi profiles that need certificates and profiles to work properly. For more information, see [Deploy certificates and Wi-Fi/VPN profile](../prepare/certs-wifi-lan.md#deploy-certificates-and-wi-fivpn-profile). | 66 | | LAN profiles | An **Advisory** result means that you have LANs that need certificates and profiles to work properly. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](../prepare/certs-wifi-lan.md). | 67 | | VPN profiles | An **Advisory** result means that you're using a virtual private network (VPN). Create a VPN profile that deploys certificates integrated with Microsoft Intune. For more information, see [Prepare certificates and network profiles for Microsoft Managed Desktop](../prepare/certs-wifi-lan.md). | 68 | | Mapped drives | An **Advisory** result means that you have some mapped drives, which aren't recommended. For more information, see [Prepare mapped drives for Microsoft Managed Desktop](../prepare/mapped-drives.md). | 69 | | Print queues | An **Advisory** result means that you have some outstanding print queues, which aren't recommended. One solution is to use cloud printing. For more information, see [Prepare printing resources for Microsoft Managed Desktop](../prepare/printing.md). | 70 | | Proxies | An **Advisory** result means that you have a proxy server in use. For more information, see [Network configuration for Microsoft Managed Desktop](../prepare/network.md). | 71 | -------------------------------------------------------------------------------- /managed-desktop/references/windows-update-policies.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Windows update policies 3 | description: This article explains Windows update policies in Microsoft Managed Desktop 4 | keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation 5 | ms.service: m365-md 6 | author: tiaraquan 7 | f1.keywords: 8 | - NOCSH 9 | ms.author: tiaraquan 10 | manager: aaroncz 11 | ms.topic: retired 12 | ms.localizationpriority: medium 13 | ms.collection: 14 | - M365-modern-desktop 15 | - tier2 16 | ms.date: 01/20/2023 17 | --- 18 | 19 | # Windows update policies 20 | 21 | ## Deployment rings for Windows 10 and later 22 | 23 | The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention: 24 | 25 | **Modern Workplace Update Policy [deployment ring name]** 26 | 27 | ### Windows 10 and later update settings 28 | 29 | | Setting name | Test | First | Fast | Broad | 30 | | ----- | ----- | ----- | ----- | ----- | 31 | | Microsoft product updates | Allow | Allow | Allow | Allow | 32 | | Windows drivers | Allow | Allow | Allow | Allow | 33 | | Quality update deferral period | 0 | 1 | 6 | 9 | 34 | | Feature update deferral period | 0 | 0 | 0 | 0 | 35 | | Upgrade Windows 10 to latest Windows 11 release | No | No | No | No | 36 | | Set feature update uninstall period | 30 days | 30 days | 30 days | 30 days | 37 | | Servicing channel | General availability | General availability | General availability | General availability | 38 | 39 | ### Windows 10 and later user experience settings 40 | 41 | | Setting name | Test | First | Fast | Broad | 42 | | ----- | ----- | ----- | ----- | ----- | 43 | | Automatic update behaviour | Reset to default | Reset to default | Reset to default | Reset to default | 44 | | Restart checks | Allow | Allow | Allow | Allow | 45 | | Option to pause updates | Disable | Disable | Disable | Disable | 46 | | Option to check for Windows updates | Default | Default | Default | Default | 47 | | Change notification update level | Default | Default | Default | Default | 48 | | Deadline for feature updates | 5 | 5 | 5 | 5 | 49 | | Deadline for quality updates | 0 | 2 | 2 | 5 | 50 | | Grace period | 0 | 2 | 2 | 2 | 51 | | Auto-restart before deadline | Yes | Yes | Yes | Yes | 52 | 53 | ### Windows 10 and later assignments 54 | 55 | | Setting name | Test | First | Fast | Broad | 56 | | ----- | ----- | ----- | ----- | ----- | 57 | | Included groups | Modern Workplace Devices [Test] | Modern Workplace Devices [First] | Modern Workplace Devices [Fast] | Modern Workplace Devices [Broad] | 58 | | Excluded groups | None | None | None | None | 59 | 60 | ## Conflicting and unsupported policies 61 | 62 | Deploying any of the following policies to a Microsoft Managed Desktop device will make that device ineligible for management since the device will prevent us from delivering the service as designed. 63 | 64 | ### Update policies 65 | 66 | Microsoft Managed Desktop deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management. 67 | 68 | | Allowed policy | Policy CSP | Description | 69 | | ----- | ----- | ----- | 70 | | [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | Update/ActiveHoursStart | This policy controls the end of the protected window where devices won't reboot.

                    Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. | 71 | | [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't reboot.

                    Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. | 72 | | [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.

                    This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. | 73 | 74 | ### Group policy and other policy managers 75 | 76 | Group policy as well as other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management: 77 | 78 | - `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState` 79 | - `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` 80 | -------------------------------------------------------------------------------- /managed-desktop/whats-new/whats-new-2018.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: What's new 2018 3 | description: This article lists new and updated articles for 2018. 4 | keywords: change history 5 | ms.service: m365-md 6 | ms.sitesec: library 7 | author: tiaraquan 8 | ms.topic: retired 9 | audience: ITPro 10 | manager: aaroncz 11 | f1.keywords: 12 | - NOCSH 13 | ms.author: tiaraquan 14 | ms.article: whats-new 15 | ms.localizationpriority: medium 16 | ms.date: 12/06/2022 17 | ms.collection: 18 | - M365-modern-desktop 19 | - tier3 20 | --- 21 | 22 | # What's new 2018 23 | 24 | This article lists new and updated feature releases, and service releases, with their corresponding Message center post numbers (if applicable). 25 | 26 | Minor corrections such as typos, style, or formatting issues aren't listed. 27 | 28 | ## December 2018 29 | 30 | | New or changed article | Description | 31 | | ----- | ----- | 32 | | [Change management](../overview/change-management.md) | Added balance of responsibility table and updated other tables. | 33 | | [Admin support for Microsoft Managed Desktop](../operate/support-request.md) | Updated support types, severity explanations, and additional details. | 34 | 35 | ## November 2018 36 | 37 | | New or changed article | Description | 38 | | ----- | ----- | 39 | | [Support for Microsoft Managed Desktop](../operate/end-user-support.md) and [User support for Microsoft Managed Desktop](../operate/end-user-support.md) | Updated to include Australia. | 40 | 41 | ## October 30, 2018 42 | 43 | Content reorganized: added section for [Microsoft Managed Desktop service description](../overview/service-plan-description.md). 44 | --------------------------------------------------------------------------------