Forum Widgets
Latest Discussions
Enable Windows 10 Extended Security Update
Hi All, We are managing our Windows 10 workstation fleet using SCCM, with activation handled via KMS. Since we have not yet transitioned to Windows 11, we’ve purchased ESU licenses. Microsoft provides detailed guidance on activating ESU through various methods — including Intune, phone, Internet, and the Volume Activation Management Tool (VMAT) for clients without Internet access — which is very helpful. https://learn.microsoft.com/en-us/windows/whats-new/enable-extended-security-updates Does anyone know the best method to enable ESU for enterprise workstations using SCCM/KMS, or through any alternative approach? Thank you in advance.
Sugestão de aprimoramento de restauração do Windows
Pensando na segurança e transparência durante a recuperação de arquivos, sugiro as seguintes melhorias para o app de restauração: Análise profunda via nuvem (quando online): Os arquivos restaurados devem passar por escaneamento em busca de ameaças, cruzando dados com bancos atualizados na nuvem para identificar apps maliciosos. Isso garante que nenhum arquivo infectado seja restaurado. Privacidade e segurança claras: O app deve informar que os dados estão sendo analisados de forma segura e privada, com mensagens que reforcem a proteção ao usuário. Funcionamento offline transparente: Se estiver em modo offline, o app deve comunicar que o escaneamento profundo não estará disponível, permitindo ao usuário decidir se deseja continuar. Preservação de dados e configurações pessoais: Independentemente do tamanho dos arquivos, nada deve ser perdido — a menos que esteja contaminado. O sistema também deve manter as configurações pessoais do usuário após a restauração. Consulta sobre escopo da restauração: O app pode perguntar se a restauração será apenas dos dados de um usuário ou do sistema inteiro, evitando ações indesejadas. Pesquisa web sobre riscos associados: Se conectado à internet, o app pode buscar informações sobre aplicativos suspeitos que estejam sendo restaurados, evitando reinstalar ameaças conhecidas. Clareza sobre publicidade e marketing: O usuário deve ser informado se há envolvimento de recursos publicitários ou recomendação de apps, garantindo que não haja promoção de conteúdo malicioso. Essa proposta foi construída com apoio do Microsoft Copilot, que ajudou a organizar e expandir minhas ideias. Espero que contribua para fortalecer ainda mais a experiência e segurança dos usuários no Windows. 😄👏
Non-specificMAVIS
I'm trying to return a Microsoft Arc mouse via the Microsoft website - when registering the device against its' Serial Number, the product name is 'Non-specificMAVIS' rather than the appropriate name. I've removed and re-added the device several times with no change. When attempting the 'Start Order' journey, a pop-up message advises my device is now registered, loads the Order journey for a slight moment before reloading back to the 'Start Order' page. Can anyone help with this please? P.S, I am aware MAVIS is an accessibility solution.Did expediting the 2024-08 Quality Updates fail for anyone else?
Due to the CVE-2024-38063 vulnerability, we attempted to use the Expedited Quality Updates feature to enforce the immediate installation of the 2024-08 security updates. Unfortunately, the feature simply did not work. Even a couple weeks after deploying the expedited update profile, we had about 25% of our Windows endpoints still in "Pending" status, most of which were powered on 24/7. We still have ConfigMgr in our environment, so I used CMPivot to run a query for events in the System log with "2024-08" in the message. This showed me that rather than installing the update and forcing a restart one day later as configured, the update was being installed, then reverted about ten hours later, then immediately re-installed again, over and over: If I manually initiated a restart on any of the affected machines, the update was successfully finalized, so the issue wasn't a failure to install the update. I've opened a case with Microsoft Support, but it is progressing slowly. If nobody else is seeing the issue, I will throw in the towel, but if it's more widespread, I think it is worth fighting to get this fixed (assuming that Microsoft isn't already aware and has simply chosen not to publicize it — for example, in the Windows release health blade in the MIcrosoft 365 Admin Center).
Delivery Optimization (DO) Peer Selection Behavior
We are planning to introduce Delivery Optimization (DO) in our company. Below are the key conditions. Could you confirm if my understanding is correct? Scenario: Download Mode: Set to LAN (1) DORestrictPeerSelectionBy: Set to 1 (Subnet mask) or 2 (Local Peer Discovery (DNS-SD)) to restrict peer selection by subnet Client A is on Subnet 1 and requests a download Client B is on Subnet 2 and has the cached file Network Constraints: All internet traffic must go through a cloud proxy We cannot allow endpoints (*.prod.do.dsp.mp.microsoft.com) on the proxy due to regulatory reasons My Understanding: Client A and Client B share the same public IP address since they connect to the DO service via the cloud proxy. If only LAN (1) is set, the DO service considers Client B as Client A’s peer because Client B has the target cache and the same public IP address. If both LAN (1) and DORestrictPeerSelectionBy are configured, Client B will not be recognized as Client A’s peer since they are on different subnets. Thanks :)Estimating Upload Bandwidth in Delivery Optimization
There is a policy(such as DOMaxBackgroundDownloadBandwidth) to control "download" bandwidth in Delivery Optimization (DO), but currently, there is no policy to control "upload" bandwidth. However, according to Microsoft's doc, the cacheable content that an uploading device can peer is limited to four slots. If four peer downloads occur simultaneously and the download bandwidth is limited to 1 Mbps, the upload bandwidth is expected to range from a minimum of 1 Mbps to a maximum of 4 Mbps. Is my understanding correct?
