What’s New and Changed

New Documentation

The documents below were newly added in September 2018 for Windows Server 2019/Windows 10.

Specification

Description

Release Date

[MS-RDPECAM]: Remote Desktop Protocol: Video Capture Virtual Channel Extension

Specifies the Remote Desktop Protocol: Video Capture Virtual Channel Extension which adds remoting of video capture devices, such as webcams, to the Basic Connectivity and Graphics Remoting Protocol.

September 2018

[MS-RDPEUDP2]: Remote Desktop Protocol: UDP Transport Extension Version 2

Specifies the Remote Desktop Protocol: UDP Transport Extension Version 2, which is used to exchange data, for example audio and video, between a remote desktop client and remote desktop server over UDP transport using URCP-based rate control.

September 2018

Updated Documentation

The Windows Overview Documents (ODs) below were updated in November 2018 for Windows Server 2019/Windows 10. In addition, several new network captures for the examples described in the ODs are available on GitHub in Microsoft Message Analyzer and Wireshark formats.

Specification

Description

Release Date

All Overview Documents except MS-NETOD and MS-NAPOD

All Windows Overview Documents, except MS-NETOD and MS-NAPOD, have been updated to add the latest product versions supported.

November 2018

[MS-RDSOD]: Remote Desktop Services Protocols Overview

Provides an overview of the functionality and relationship of the protocols implemented in the Remote Desktop services in Windows, which includes the protocols specified in [MS-RDPBCGR], [MS-TSGU], [MS-TSTS], [MS-TSWP], [MS-RDPEDC], [MS-RDPEGDI], [MS-RDPCR2], [MS-RDPNSC], [MS-RDPRFX], [MS-RDPECAM], [MS-RDPEPS], [MS-RDPELE], [MS-RDPECLIP], [MS-RDPEDYC], [MS-RDPEFS], [MS-RDPESP], [MS-RDPEPC], [MS-RDPESC], [MS-RDPEA], [MS-RDPEAI], [MS-RDPEMC], [MS-RDPEPNP], [MS-RDPEUSB], [MS-RDPERP], [MS-RDPEV], [MS-RDPEXPS], [MS-RDPERP], [MS-RDPEUDP], [MS-RDPEUDP2], [MS-RDPEGFX], [MS-RDPEMT], [MS-RDPEECO], [MS-RDPEVOR], [MS-RDPEI], and [MS-RDPEAR]. Using the Remote Desktop protocols, a user of a remote client can initiate a user session on a server and then run programs, save files, and use network resources. This supports the hosting of multiple simultaneous user sessions on servers. Remote Desktop protocols support scenarios such as redirecting keyboard, mouse, clipboard, media player content, print jobs, smart card data, and file system data between the RDP client and the server.

This document has been updated as follows:

●  Updated several sections and one figure to include information about new camera redirection (MS-RDPECAM) and UDP Transport Extension Version 2 (MS-RDPEUDP2) protocols.

November 2018

The documents below were updated in September 2018 for Windows Server 2019/Windows 10 and/or to reflect content updates.

Specification

Description

Release Date

[MS-ADFSPIP]: Active Directory Federation Services and Proxy Integration Protocol

Specifies the Active Directory Federation Services Proxy and Web Application Proxy Integration Protocol. This protocol integrates Active Directory Federation Services with an authentication and application proxy to enable access to services located inside the boundaries of the corporate network for clients that are located outside of that boundary.

This document has been updated as follows:

●  Added the signed X-MS-ProxyAuth-Token header and related fields. These are used by the proxy to pass token binding information from the Sec-Token-Binding header of the request on to the server.

●  Resolved document omissions related to AD FS behavior level and the full JSON schema.

September 2018

[MS-ADTS]: Active Directory Technical Specification

Specifies the core functionality of Active Directory. Active Directory extends and provides variations of the Lightweight Directory Access Protocol (LDAP).

This document has been updated as follows:

●  Added several statistics fields to the LDAP_SERVER_GET_STATS_OID control: linksAdded, linksDeleted, optimizedLinkSeeks, nonOptimizedLinkSeeks, selectionFilterOverhead, and linkIndexMisses.

●  Added the msDS-RunDeletedPhantomsWithLinksTask rootDSE modify operation. This operation causes the DC to verify a set of implementation-specific data related to link values.

●  Updated information for certain rootDSE modify operations to more accurately reflect their support: doGarbageCollectionPhantomsNow, sqmRunOnce, and dumpReferences.

●  Added information about search-filter clauses of the form (objectClass=*), (distinguishedName=*), (name=*), and (objectGUID=*). These clauses always evaluate to true for all objects.

●  Added information to the msDS-ResultantPSO attribute about certain products that do not enforce the check for the RID value DOMAIN_USER_RID_KRBTGT in U!objectSid.

September 2018

[MS-BDSRR]: Business Document Scanning: Scan Repository Capabilities and Status Retrieval Protocol

Specifies the Business Document Scanning: Scan Repository Capabilities and Status Retrieval Protocol, which is used to query a server for the capabilities and status of the scan repository.

This document has been updated as follows:

●  Noted that this protocol has been removed from Windows Server 2019 and Windows 10 v1809.

September 2018

[MS-CDP]: Connected Devices Platform Protocol Version 3

Specifies the Connected Devices Platform Protocol Version 3. This protocol provides a discovery system to authenticate and verify users and devices, as well as providing a message exchange between devices.

This document has been updated as follows:

●  Added new message fields, value, and behavior notes.

●  Clarified the distinction between the authentication done and authentication failure messages.

September 2018

[MS-CIFS]: Common Internet File System (CIFS) Protocol

Specifies the Common Internet File System (CIFS) Protocol, a cross-platform, transport-independent protocol that provides a mechanism for client systems to use file and print services made available by server systems over a network.

This document has been updated as follows:

●  Updated the descriptions of FILE_OVERWRITE and FILE_OVERWRITE_IF.

September 2018

[MS-CMRP]: Failover Cluster: Management API (ClusAPI) Protocol

Specifies the Failover Cluster: Management API (ClusAPI) Protocol, an RPC-based protocol that is used for remotely managing a cluster.

This document has been updated as follows:

●  Added ApiAddGroupToGroupSetEx to the list of methods, and added a new section for this method. Also added a new definition for this method to the IDL.

September 2018

[MS-CSRA]: Certificate Services Remote Administration Protocol

Specifies the Certificate Services Remote Administration Protocol, which consists of a set of Distributed Component Object Model (DCOM) interfaces that enable administrative tools to configure the state and policy of a certification authority (CA) on a server.

This document has been updated as follows:

●  Updated product behavior notes regarding new ADM elements and version related values.

●  Updated the 'Version' parameter processing rule regarding the pVariant pointer.

September 2018

[MS-FASP]: Firewall and Advanced Security Protocol

Specifies the Firewall and Advanced Security Protocol. The protocol manages firewall and advanced security components on remote computers.

This document has been updated as follows:

●  Added new policy version '0x021D' to Protocol Versions.

●  Added new dynamic port keyword enum values and descriptions for new supported services.

●  Updated definitions of the FW_TRUST_TUPLE_KEYWORD_UPNP and FW_TRUST_TUPLE_KEYWORD_WFD_CDP keyword flags in the FW_TRUST_TUPLE_KEYWORD enum.

●  Added fields 'IsDHCPClient' and 'IsPlayToDiscovery' and new fields 'IsMDNS', 'IsCortanaOut', and 'IsProximalTCPCDP' to the PortInUse ADM element.

●  Updated the abstract data model to include two new TrustTuple boolean fields and definitions.

September 2018

[MS-GPFAS]: Group Policy: Firewall and Advanced Security Data Structure

Specifies the Group Policy: Firewall and Advanced Security data structure extension, which provides a mechanism for an administrator to control the Firewall and Advanced Security behavior of the client through group policy by using the Group Policy: Registry Extension Encoding protocol [MS-GPREG].

This document has been updated as follows:

●  Updated the content describing schema versions vs operating system versions into tabular form.

●  Updated the ABNF grammar throughout the document to use dashes in place of underscores, so that rules conform with [RFC5234].

●  Added new port keyword rules to the ABNF grammar and corresponding descriptions to the definition list:

LPORT_KEYWORD_VAL_2_20 = "DHCP"

LPORT_KEYWORD_VAL_2_25 = "mDNS"

LPORT_KEYWORD_VAL_2_29 = "TcpCDPSvc"

RPORT_KEYWORD_VAL_2_28 = "CortanaOut"

●  Clarified definition list descriptions by updating the following port keyword descriptions: IPTLSIn and IPTLSOut.

●  Updated the IPHTTPSIn and IPHTTPSOut token names to match their corresponding descriptions.

September 2018

[MS-HGSA]: Host Guardian Service: Attestation Protocol

Specifies the Host Guardian Services Attestation Replaced (HGSA) protocol, one of two services that comprise the Host Guardian Service.  Host Guardian Service is a server role that provides security assurance for Shielded Virtual Machines (VMs) by ensuring that Shielded VMs can be run only on known and trusted fabric hosts that have a legitimate configuration. The other component service, the Key Protection Service, is specified in the [MS-KPS] protocol document.

This document has been updated as follows:

●  Added content on Host Key-based attestation.

●  Clarified valid AttestationResultType values.

●  Clarified details of TPM-based attestation, AD-based attestation, and error message handling.

●  Added SecureClientList to the list of abstract data elements and the list of elements to be initialized.

September 2018

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

●  Added missing description for the EnrollmentServer subcode.

●  Added context item "OfflineAutoPilotEnrollmentCorrelator" and updated behavior note for this release of Windows.

●  Clarified the relationship between the schema listing and the Namespaces section.

September 2018

[MS-MICE]: Miracast over Infrastructure Connection Establishment Protocol

The Miracast over Infrastructure Connection Establishment Protocol specifies a connection negotiation sequence used to connect, indicate readiness to connect, and disconnect from a Miracast over Infrastructure endpoint. This protocol also specifies the Miracast over Infrastructure Information Element (IE), which helps identify Miracast receivers (sinks) that can support a Miracast session over an infrastructure link (as opposed to a Wi-Fi Direct link).

This document has been updated as follows:

●  Added support for PIN challenge and response between the Source and Sink.

September 2018

[MS-NCNBI]: Network Controller Northbound Interface

Specifies the Network Controller Protocol, which is used by tenants and network administrators to control data center networking. Common tasks that would use these APIs include designing and monitoring a virtual network in a data center.

This document has been updated as follows:

●  Added protocol version 3 content with a product note version table.

●  Added new sections Resource Counters, resources: auditingSettings, discovery, and virtualNetworkPeerings for version v3.

●  Added url and resourceId descriptions, and URI protocol version notes.

●  Added version v2 property configurationState LoadBanlancerVipConfigurationState structure and descriptions.

●  Added version v2 properties: counters, publicIPAddressVersion, and encryptionEnabled.

●  Added version v3 properties: auditingSettings, auditingEnabled, dualStackSubnet, virtualNetworkPeerings, and error response codes.

●  Added properties isEnabled and requireIGPSync; and added IPv6 support.

●  Removed bgpNetworks, changed routerIPAddress to routerIP, and changed dnsRecord to dnsSettings.

●  Replaced version product notes with version notes in tables.

September 2018

[MS-OAPX]: OAuth 2.0 Protocol Extensions

Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints.

This document has been updated as follows:

●  Added the device authorization endpoint (/devicecode) and all supporting structures and definitions. This endpoint is used by an OAuth 2.0 client to obtain device verification codes, user codes, and verification URLs.

●  Added AD_FS_BEHAVIOR_LEVEL_4 (value of 4) as the next AD FS behavior level.

●  Specified the numeric values for the AD_FS_BEHAVIOR_LEVEL constants.

●  Added information about the support for the mfa_max_age parameter that was added through KB 4088889.

●  Added support information for AD_FS_BEHAVIOR_LEVEL_3.

September 2018

[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions

Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider metadata that enable the discovery of the issuer of access tokens and give additional information about provider capabilities.

This document has been updated as follows:

●  Added support for the device authorization endpoint (/devicecode), which is used by an OAuth 2.0 client to obtain device verification codes, user codes, and verification URLs.

September 2018

[MS-RDPBCGR]: Remote Desktop Protocol: Basic Connectivity and Graphics Remoting

Specifies the Remote Desktop Protocol: Basic Connectivity and Graphics Remoting, designed to facilitate user interaction with a remote computer system by transferring graphics display information from the remote computer to the user and transporting input from the user to the remote computer, where it may be injected locally.

This document has been updated as follows:

●  Updated version number table:

- Added 0x0008000B for RDP 10.6 clients

- Added 0x0008000B for RDP 10.6 servers

●  Revised description of error code ERRINFO_BADMONITORDATA for clarification. Updated errorInfo table to add 3 new error codes: ERRINFO_VIRTUALDESKTOPTOOLARGE, ERRINFO_MONITORGEOMETRYVALIDATIONFAILED, ERRINFO_INVALIDMONITORCOUNT.

●  Updated to indicate supported RDP versions.

●  Updated description of TargetCertificate field to specify Unicode format.

●  Updated source descriptor field.

September 2018

[MS-RDPEGFX]: Remote Desktop Protocol: Graphics Pipeline Extension

Specifies the Remote Desktop Protocol: Graphics Pipeline Extension, a graphics protocol that is used to encode graphics display data generated in a remote terminal server session so that the data can be sent from the server and received, decoded, and rendered by a compatible client. The net effect is that a desktop or an application running on a remote terminal server appears as if it is running locally.

This document has been updated as follows:

●  Updated to add RDPGFX_CAPSET_VERSION106 structure.

●  Updated to include new structure, RDPGFX_CAPVERSION_106.

●  Added a new section that describes the structure that specifies an RDP version 10.6 Graphics Capability Set.

●  Clarified how AVC444/AVC444v2 is encoded and decoded.

●  Removed limitation from capsSet field.

●  Added the CAPSET versions 104 and 105 to flags field list.

September 2018

[MS-RDPERP]: Remote Desktop Protocol: Remote Programs Virtual Channel Extension

Specifies the Remote Desktop Protocol: Remote Programs Virtual Channel Extension, an RDP feature that presents a remote application (running remotely on a RAIL server) as a local user application (running on the RAIL client machine).

This document has been updated as follows:

●  Added the TS_RAIL_CLIENTSTATUS_BIDIRECTIONAL_CLOAK_SUPPORTED value to the Flags field table.

●  Updated the WindowId field description and described the client and server behavior when the window is in a cloaked state.

●  Added the Processing Window Cloak State Change PDU sync message.

●  Clarified when the server must not send a Window Cloak State Change PDU back to the client.

●  Added the Sending Window Cloak State Change PDU sync message.

September 2018

[MS-RDPEUDP]: Remote Desktop Protocol: UDP Transport Extension

Specifies the Remote Desktop Protocol: UDP Transport Extension, which extends the transport mechanisms in the Remote Desktop Protocol (RDP) to enable network connectivity between the user's machine and a remote computer system over the User Datagram Protocol (UDP).

This document has been updated as follows:

●  Updated to clarify when the UDP data transfer messages are applicable.

●  Updated to include protocol version 3.

●  Updated the uUdpVer field table to include protocol version 3.

●  Clarified applicability of the data transfer phase.

September 2018

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol.

This document has been updated as follows:

●  Updated processing rules in multiple sections, including in:

   - Section 3.2.4.1.4, Sending Compounded Requests

   - Section 3.2.4.2, Application Requests a Connection to a Share

   - Section 3.2.5.1.9, Handling Compounded Responses

   - Section 3.3.1.10, Per Open

   - Section 3.3.4.6, Object Store Indicates an Oplock Break

   - Section 3.3.5.9.6, Handling the SMB2_CREATE_DURABLE_HANDLE_REQUEST Create Context

   - Section 3.3.5.9.10, Handling the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 Create Context

   - Section 3.3.5.11, Receiving an SMB2 FLUSH Request

   - Section 3.3.6.2, Durable Open Scavenger Timer Event

   - Section 3.3.7.1, Handling Loss of a Connection

●  Revised the descriptions of WriteChannelInfoOffset and WriteChannelInfoLength in Section 2.2.21, SMB2 WRITE Request.

●  Updated the descriptions of FILE_WRITE_THROUGH and FILE_NO_INTERMEDIATE_BUFFERING in Section 2.2.13, SMB2 CREATE Request.

September 2018

[MS-TDS]: Tabular Data Stream Protocol

Specifies the Tabular Data Stream Protocol, which is an application layer request/response protocol that facilitates interaction with a database server and provides for authentication and channel encryption negotiation; specification of requests in SQL (including Bulk Insert); invocation of a stored procedure, also known as a Remote Procedure Call (RPC); returning of data; and Transaction Manager Requests.

This document has been updated as follows:

●  Updated the descriptions of the AZURESQLSUPPORT FeatureExt and the COLUMNENCRYPTION FeatureExt.

●  Added the definition for EnclavePackage to the stream-specific rules and clarified the description of EnclavePackage in Section 2.2.6.6, RPC Request.

●  Revised an existing product behavior note and added a new product behavior note to specify the value returned by SQL Server for ROWCOUNT in Section 2.2.6.4, LOGIN7.

September 2018
