From d07b0d86f6869b9e1b4e902f7601b8bc4682eecb Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 22 Sep 2021 14:39:09 +0300 Subject: [PATCH 01/75] Update token elevation type values https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9920 --- .../threat-protection/auditing/event-4688.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fbb93d7b9b..22f0be469e 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -154,11 +154,11 @@ This event generates every time a new process starts. - **Token Elevation Type** \[Type = UnicodeString\]**:** - - **TokenElevationTypeDefault (1):** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. + - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. - - **TokenElevationTypeFull (2):** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. + - **%%1937:** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. - - **TokenElevationTypeLimited (3):** Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. + - **%%1938:** Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. - **Mandatory Label** \[Version 2\] \[Type = SID\]**:** SID of [integrity label](/windows/win32/secauthz/mandatory-integrity-control) which was assigned to the new process. Can have one of the following values: @@ -207,10 +207,10 @@ For 4688(S): A new process has been created. - It can be unusual for a process to run using a local account in either **Creator Subject\\Security ID** or in **Target** **Subject\\Security ID**. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (1)** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. Typically this means that UAC is disabled for this account for some reason. +- Monitor for **Token Elevation Type** with value **%%1936** when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. Typically this means that UAC is disabled for this account for some reason. -- Monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. This means that a user ran a program using administrative privileges. +- Monitor for **Token Elevation Type** with value **%%1937** on standard workstations, when **Subject\\Security ID** lists a real user account, for example when **Account Name** doesn't contain the $ symbol. This means that a user ran a program using administrative privileges. -- You can also monitor for **Token Elevation Type** with value **TokenElevationTypeDefault (2)** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. +- You can also monitor for **Token Elevation Type** with value **%%1937** on standard workstations, when a computer object was used to run the process, but that computer object is not the same computer where the event occurs. -- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the "**Mandatory Label**" in this event. \ No newline at end of file +- If you need to monitor all new processes with a specific Mandatory Label, for example S-1-16-20480 (Protected process), check the "**Mandatory Label**" in this event. From 356e56d25d3fce5fc4db68c9b5c94fff29f77a20 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 23 Sep 2021 09:21:09 +0300 Subject: [PATCH 02/75] Update windows/security/threat-protection/auditing/event-4688.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/event-4688.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 22f0be469e..1aae0dcddb 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -154,7 +154,7 @@ This event generates every time a new process starts. - **Token Elevation Type** \[Type = UnicodeString\]**:** - - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC disabled by default), service account or local system account. + - **%%1936:** Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account (for which UAC is disabled by default), service account, or local system account. - **%%1937:** Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. From ea2b7b49f1ade6c716337155869509e06ab01010 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 31 Oct 2021 14:09:51 +0500 Subject: [PATCH 03/75] Update update-compliance-using.md --- windows/deployment/update/update-compliance-using.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index d27fd0af96..8fb4f00faf 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -56,7 +56,6 @@ When you select this tile, you will be redirected to the Update Compliance works Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items: * Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows client. * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. -* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Microsoft Defender Antivirus. The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). @@ -66,7 +65,6 @@ The following is a breakdown of the different sections available in Update Compl * [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows client in your environment. * [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types. - ## Update Compliance data latency Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. @@ -93,4 +91,4 @@ See below for a few topics related to Log Analytics: ## Related topics -[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file +[Get started with Update Compliance](update-compliance-get-started.md) From a4d8ac7e34690842c5bd41ffed6ad41f22aff6e2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 31 Oct 2021 14:11:24 +0500 Subject: [PATCH 04/75] Delete UC_workspace_overview_blade.PNG --- .../images/UC_workspace_overview_blade.PNG | Bin 25858 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/deployment/update/images/UC_workspace_overview_blade.PNG diff --git a/windows/deployment/update/images/UC_workspace_overview_blade.PNG b/windows/deployment/update/images/UC_workspace_overview_blade.PNG deleted file mode 100644 index beb04cdc18268b912194ad492c6a28329bd4aaac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25858 zcmdqJcT`hhvo{JVU;|VXkgB2}(z_rK5v3-CBE3qGYCy!$NfZ@Dng~b-5eS4(M0yu# z(pvx_6eSc1280kG34t%5?|a_!o^#i|>)dtM{qFt4y~!@~%ri63JoB5GZMdO$UUuhi^bS)rd8eT=nlF%b+ZuQM?FbFDGX9Z()lP&ov3o}a@r9;glAt1b z`4q(a@ee)5A7>a(2!(#Ucl*KzqFNAne}B z(67<=!_6TdKQ6a&-qtdKF}wE$jxLv(0j7co4b-#-@ak$F-dbg%1lb08c;@>#nPaVgotT zLV~aEE_7VUg5Ryt22s=qdx>661($wu$B%D8Q#YmjQ0AIemSFhsSo7V~5*}-;XWp1E zN=mrHW8&Nfl#~N_hmveeP)(3cZzS`NnPo)}7^t-Ovw%fngobDI0O_|TbLvSU^NUl_ z!}#m3a8+84e4o@yeHZ6n_>17gx?(sorJ_^o?TuA=XJgY&G}@ZVj=J~7NNMwpWr1Y8 ztc2wSdHOJI8r{OLQXf|wzAn>}1Xfu~ko}VL>9EU36(0OX2rkT8PB#cNkiVdgeC-CZ z&00wbKQkK(9u-%w2LO!)zo-`tOkd8B0f;JHDk*=^{QMR+z{Wf#LN!DZ&jm9fr{Dr zjqcj5eYnF45OrAQ=>%e`|RP?(9S;X68Pfcwa7NF1wyamw3tA^3=buxGArPhS%;ZI$Y4!a z*ywlUw8xz{{QY3pZ){}TbDg_sO-(Al=G=?rHk#uXnNjMSIih2%qlKC9huw$A*dI$a z=a;WHa+lU}_F>AB$cj$uq&e7KT&%$+Qjv)Xr+aSwx8e&Q3G`6^ubt$OHmyVfG~d>| z;kacoX^pe%9`@|wMv_A%XzeR?bYQGJYUmrO1CLGJ0KZni)N=M~ucix$PW**V)Up60n*6l`RbuBy=SrPEiB z`LRjBNaxu~V)&Rje=qFqEj2B;bbIj9E_}ZGwD4;O#o*byy;lhOp2r)6?^o2P(B2+% z)`PTTZ+1->$qrKGpSjOuU!$GwDvr2gOPPScQ#%U0gSF;Eeq+7U79bz#O8kVMNZQK# z)WmM$g4Ny2@xNK*anxk&xJaY(M^okpHVQcbIw;Xxa!xqsa5vJ(n6446!kA!b;r2F) zD4VmC`MVOa_#a&$5v|dt0X6{25daEk7GLjlA6|sbL*pXFH(r3Z51D`+&19YyD7Oas zTO~$MaCCJ?zMPxj=(p!gOxdWXEh#U@+KXibjS7q|zUg1>c05N#Uy0&)C#=+&12Rqv zqRT1wELQqm&ZBjrTSArj>umY<_nQi7DBiZXjsza)UA_VGktpGJ5zH^HU&sm1F*SY( znz702<)9{Rpv|KPh zgs?f*NJgDi5}KMxf$XH^yv3J9KcnmzfCwbFV5~djy+S0)qm4Mqhkhf)=LgA^tOP*~ zoR)jB9%minkxS>TU9VO+;0?vr<4&NH0=Uc~g$&^`PZvPaFxNxp%okvpSF;q)nUgJY z`PW9BcvzSkDn-qyN5o5%4ZJ1)Yc5Tk&i1X=7wy;Jz}~ z@fPeuk|%M97*x;Fcgx5#>yXa88V5WB!$+MbsKX35U($~QpU<lS^384rP%6mCKb#{Nh~-}-Un?ELyi0AhREfDgG3qY9WK&kJx}s%0(wu?IJ(;A! zz^W5wpyw(J^E??&mOdkd=CN(tR<%@@y)qsBEVaaVd315%eXon0T-v~B0G;(SxNiow zO`a~Unm^+dI=?C2OWhJ0aKbyK9Z8tq>+9@N2u3xgK$h1jrCn zv&R@W=1_%wLs(b>^ssD|b7$v5LN# z6S9~dKu+p>T8Gs>Jn^1MQ}@lu^wy)u1?)2Q?hSPm0OZ>wXS z7KC{2>eCr;ylvt`bKZXJ;nOXb@fu@Rq3sD=8ZR83?&JpF^qK%$W$KPhl} zk#XNh=;n}fMD{|ZN+i1Ui*8DC*<-L;!;9IkAjwIeQPTQIfjtwiEb%0IC;Y*>6!omg*g*t&^mUrGI*$M8mor83y@?(p!5~O}Z7ktWP$x`s)WEG>c zLg_I8+Lw--zNfzn+slv)!P7I3=teGo;k?SRv-^i0vA-fZa-1%wBMayLn$aO9I@v?S zJFtamo zLxg)UxZ^g8uv!VtD*MT6=|{Pq%AMWeV~}0}#-oPSe7t(p%<;P!H`6k(P^86fsHI?lG&7&yf^DvTFf69R1#QiB%ye&^=d_jn^p z_#@TcS|%QU($>|QqViMy&);;FJm%~y)Mxta$b@85iEtXtrIS8n!jgVRcG;Nmqs3Fy zv%X8oFcgDD;b)A7OKeZ=T?TP82mJf8zhgXj2)?jeFuTg^TZ;cmZxo(x7tAFxe?%o2W)B3f}O#V(s;Q*Z$!TXB(qvUyD1}b%I_4w8> zf5OQ1WEI3Yum2)rIu9g)t&X<6$cg!8#M{#CH~%5l-~BPrzgO9S4R>;yE&l50j}<9PlQ?6UA%D&3 zFPEP&*0*^g|6223D?DuCb^3oFfG%PpS=1P0X$C*40cO& z#jhyTxg>D~mxf4_?u7rxeKs@vA($8`fJR?}^aXzEpQd{ynraNqV<)%pgU8Ldk#e2X|E8Vl~Q%>Ms+@J5iz351Ha<}QuM=#Rn zzZp@6KHE!lKX|3R<}L^GU!(d5tNR2G1abyvQ*i9?pEaLwo$j{&LGVDH;og$_f;zA% zJwCdv{e$2?xZ9WWfe-nogy{tTOpDIlz8HgUm7M;#>fjZ4hv6dK|NI|LO<*9Ren-qN zr~z(HH|jGie>FfyUXVy~+b|jn=Ity~ zst%Wb_wyLw_go)beDqLUh-6Au<;+dTscxzetrD_J6}Pbwe$}Z6OL;idnP;kbKliH{ zSG-7aVGr@l`Gn(zQu#gPLEPO^?QQ3kYx%*~%1bwG2|3MR! zss-I}n^0(Negm|17n*Uwz1d7i=g{MK)LU!R(9e^*@rkIX%e_DRL)<$`7w(<7-POtw zxM7pn2|iBqYc1`c+m+fEm>UR=3(HQWmDF|b9}~K63O_;}@x!>Ad2;i_M{hYAx04>2 zi0pKp6p-x{vbbnT?o)KpqNyM~tyl(X0J{fT;saBi)rX0DaGa7lxmcaVJ zQTW-V^Isb_^PY7MKe!xxh`eJ-wFm?RMB4D!G25&0TsaqWXezOg6$S-vriQ3yxIKUX z0}8LQifM`|Wp%1^!Q?x7JH(@6fYL64BAim1kJj>)GYk3e*WQ^k4nUM{q;()Xh^PN{W&}?@O;@u_84|rrY}p#g z!g)ZcVudM*VK#A!|@tq8)Zpons{Tqw?)=ZMRT5u z2b@F9;B3k}Z zEPItBzKJ@uis_bWdT{*tg`=TbLhJVqQUZY~l+HL2kjCQ|PyX{|de-_>x&Pm^^=lvv z5j2N*y8noHXQt0VmYOsCGNO-ZKd)_d`R$G}*M3slHCAVR(MBSbvN%G_L!dJd1}cgM zDT}_l*#3A5&33(1abwcNeU$bEm=4#QIvZ`&Gzsr5ML+`TZ(&!AJ8V=g<>cbd6_f^U zZ%KmR?z-Uby%Sb83x5e+{uPu7-kjN(_OcDbm-;$U)7!&3ir_YenQFSb6GWr9ulg<|)$J#~tc&(iDN(oN#jZy87gB#jU%Eryp zcB}F%_J(CSbVIT}rHiWV*f|?a7rvzwxdjT9x6`a)zqTxc<5XFp1sooUk0(>s`yV%; zM2XzOAr7)oPKY%^{mgx+e%COp4^O-_AC%-Mze;4Z5r5!s}! z*TxUbZB^%JXA>XiF1JRa&)m2u+%R-^Vn#pNdsI{+5twYhlcTQGTDckAT0RSJgmw*Z zrRMNoo>EL-2!Q??@i`3oKo@z1G}7R35~ptT<68k&1?T-zZ?`>JKlZh1YDQjz?_A68 z9Xs&ZQG=BCj7oz&de^=$>tMO4&0EWlX1aw{%pu}Kn;j6NkrPodjI`AD3`*PZXo~k4 zZDDthTtSTaMTzk9Hf?WwOoj_K+FIKaZHI-=01_MfE4+)Yxup&i7u++)&SLEl>W)^~ z^#Y9qd?&=YyHV^sdcaAauJ{v8#xBolR4(d(?$2?Ac@58`INU1l6;Tx%P71YQ$+U2z zuKTvtih>Kr&If;U?!q=>ld3W&l9E|bowxJ(*ODZprZ{`F#Cj7~N|GSbwGR+OTo=7O z-K}QHN{eA{`oVYV)o$^>eOq}f;LDn!uYzwQ0kkNzGTepNbzE829omj?X-*3j)}kxl zO4=k(gU|cfH0V3#dJ40*`n_#mT5ERTP+CR+<6T#Omh8?P@xF(5cIRdu z;X6#81k#hr#X)zHcUwQ3E!>(?58*-h0;P3oJFJzJ7F3Z?{#K0JjrOQnt1-nO@$cQ| z@Ne!uz~8ec*=$!TWwIk5L|(xOMRF-h=7!X(x?Z|M_9d9zK1}dg-QC2y;~i! zL$%rYge=y(UZVmk0uWPE_h7RTRg5_*%1XDVjJOcrJ~rBk6W)>_G%YO}A~Qx>Iu6qa z6DHv&{e2JNd|ON5 zegH>K$B1h1tT60~ef+wj$M9^-cyg!yZx!yW-ry$5s-+0yX*lRXHngcod%{`I@zk;| zHEE@vb%fhhOJ1l`$JKs1LtG#%DW*zWRz)RarN12vIvMwf#Qn85{Y8iZNytzCJkQjgpIl=R|4CIv)+?G@zT$L1|9n zjP7pQiT%10Ml2phb0mxF?%yXd*(7~`_!%HI)r3M zRqSxN6!NN_2|n8|p3=AXpwfPCZRT|VWl*gut>_&v))}MLSt>H3Rko)`nt}IhRpkz? z+nekWe2Sy0R7Lp&qXe3$dRSz?+Is=6X!c78Nkw%@!Iu~E)nWyus!_vSAAJ0F!6+1m zXKFMnHP=m^R5rro*VG;z6^;U^b4-{w{Jz~1qji_;hMyd6SK9N z)Sb-n4+L{#*WbNP4Rp7{-NRRg$hl{GxCH)qN-v|zC($3pV3r~bJ*TxoQE_(E@x3eW zj6OJAuBtxgU7dd6eDVxe8%S~T?a^5=4`1FF8#Q7hObe^R*^fzsP_8D&lJXdj?An}9 z{S`kt*sCcY>H|`^gAMGj`%`zkFJ`)F=BkmIhOTj!i;1+3>wjf8dHJ5qMP3V~@1C~Z z*A|L)3HO3d2xGx+xw3k#QLTH>C>14=>xa?DLpZY9!bj-JGi}W+uBWa~SdlA{CI$US zQ5zHs#5bU&QemfFVr_O#O7GTGGU}ylz3$j3>b~O{Tyn?dO{UQIJOkNhUU@D6A}$A;(bjdU)=aJSAM671(hU}JWgSQN za`pg{{heV&6-s`>V_?L(-hD-s`{lv2MQO1C91!%>)y%v^4Y}bH)H&6fAC~iBw$Av* zLe~jYm?A0V#9d>reLa>xyacd2Ws)a&PB+Z+#2^jPOT<2gXM>6KtB1lv01#AnoCZg)V*9a%%l?g3v%@>Q&RmNM$+UlQt+k;+BomC6IzET6lkQ1;hPFSViBKaWz%;vM*ttKC2BHgWbjCO zs-#?%=k6SlJ-^9Ir!MJ^mO+?$40){ni4=~>tCh&>@T|_vw>5^) z;9sDvD@%fy=?-TbiYXq6aK7KLC512PZJTwh2(Ia`GcMZcV&^d@*$zmz8^BM}!{7Wn zG>s{rh=z(Yf+kK#yP7VGyhPuRmh6GNlw8o!DZ5 zZ6&6oMEbL>P3_$-E|WVNJ-aQ|Bw$Ss>pgf{|G{Pc*2v7{_r@br8+X4oEqW zt)3&1098nMTk+QTZh>$wMwiBONi z=#`@!93Wqc`>>dl#6ZT1clOgd-&c6=C3@}XZ^}m)AZGSr>sROHR!X&q^Gmp<0#T(9 zy#=rt-PnNxRD0L^eVO(m&k~0MVg>z1F>Ve?;aoipDM%w4_xEopSJXJ$;oP!@H_Bu= z4QZ(==Oy=GkVdtnpBYlX`U2Wsa3*CkvrPN^(ptNir^#MO38MDO7+tFkb>F({%?jpk zQE2_Nn<3l?aIN%0k3%)8BPCD{< z!43ogJxOH-eg8-}DUFPgzU!u3KkF zq-*H%C48qEf?N?60U?2=J_B)*nNGn&F37WYU{1n`shVb0GS3Si z%w)LYd&Jj2m95Xd9^6ZxKXwVy2~6J-9q*eE=<4m#i5HB(E*xsZ0zcHcQ%%$acR~}p zZ7ej;H?jttEF-jAj4q-TV77MCjo%h1-+phLno}suiu)RKqsBNdd_L+iBuX?%_Z_ce zEb2s@TuyKA({4fiVNB{16X=b!9(SWu6J2ZKr?LW_;3w<>r5{G&QX@H@MQAt17&pyess4B z@H?lmYG0Ioj|VW7H#$e94E)rauW=FeBhSW8E%JYO=ef+&J zF{sk0ZDz?RMr?lVx?(GH=#fDxX3Rc>@Hx!j5@6-08p+racT}+LP77|S!Czf1JWfi_ zZKzCEj3brzb|VjnD9n{)m@$)C*|0KuU-GOvcv_?q8abJ8UsCnKNLu_4BG0^5f+tZ{ z7j?RWmSqEZ3rDnY<*GJ$qAgserDnWJSDa1Q1AsvHXyrEI03Yws6!us_aP>han)ZJa zhVJiEp(>ZwAqQ=2+P4op-ckIkuLmwvga7n_)47l@bO{i4K;-XE@%~?9+5d-$Sj&;j z?E>zo?d=c`g7ez~K=|ZqR1;~`8vm^ng0C2}d$ymsxUl}69*|e_n;`aRTO)#d+uATZ zM)W8>YjNZf`|idt7%Kz2c4WWB!mSN66SS&k&d0#;#AvNkB(vNPyx)7_>PE;=QKKDV zU~njZL*LgJ8Qu&1&(D4sObnWTx!+75SzT;=Bf75T#Mjbv^Kr`9s&U6;V{SJ}#iJoNy3&{#u3PBxTS|Fx+jEYAplIq@nv$5dkz()dM}yR3&Vx&-Nmx8A>B8 za8hPw#o_fWz8;x-dvAODlf>PUb9jam&F}(0cD`BYRE^{Zy8#lg)HGA-rE-=hcMg%g zl~z$A$T!J)p2GLAxhLW#p>?=<*Qr3Mj`Va!JG3zj-tZIN(K@pArN*`X4Y&$HQp`9}rFudyfJREFHhl?@R&I`-)SmM(Ho|K51hidsl&`PW6Tf*JW96m z264L5>s;`C4`y2n<;2E=Lyi2)9xc_Jp7_*o&y^L5ub&o2MECbk2(E|8T4HT119-fi zB>1`|?~YVp$E;;wD1O%J_1QaDDlHqO+qSVd@49JBP+Hl8!n?%7AFD3_R=(?{gKUsa zA7l?loaqt0sw9g}?nSM=2nHehdUeFgBNF(dikVTg@YpVy?;)2%OY0zV;iz0fV9xg7Ak<~J zDP}n3L6@}xA%q^#53q?8w} zV2kWHH4YS81 zaYhpunM0tZ<$kvEO-(>hACVhGvHqq^}nJ<(_ z+RbK1!%PyF&QZBlY9SU7kps1bEwqH#m$l!ZK}olwTz0n&0@vFBrH-rtOA`|ACBLih z9SRz9c5i8Ef6p2cGVY%F+R|tB9=#3RRBCndtU!cKV58j#z|Zl4XU9p%A4z3P|kNNk)=sTnxbT>cfqDuy9=wZm&+M(wPy0^+M)L zgb_3kds~Snt$xR6jA>WncG2~PVSH?e zHje%ItKpIktW;;nHV(g9VuyMsZjG+w+wfRYhHcwX(Siv}Uc8%mhnkK%q}q*TNl&<+RxSiTmX0eH%DOfdNOQuT#vAw8|nCf4vnnN*l>M zf;2~$XlajqvyU5!lOIE@X3naSWI|X@7WI&c%TB*RZv_4NFrEH8N4_HjCsnt(F4B_5 z{lTAqTz%bQ$ko3VHFH(U^^Q!I6o>ZO#CL};tXsoi0n?z>S|i&p8G*?uc4)<(U&j6Q zeTY@Cju`Bv-P9^XikOnpXalWZ7A0xfJ^zuTQVxqs84_E6ZQkFIy*UFfQW>k)c79<6 z&)xY_Vl-Tm#X;Y}@8JVKv&&t)hv!UE0rHEVe8#P!0iSHfO6{73zmwr=uyv9Z&wQ8p zSw5MjzLxlC2lqj}Q7HMz5<>oml(d`j-4fb@dU}1m+M0>hP=<8)i@<9+Zq3bs+Gkx z#KXtdQifSs9WLq?$Z73v(&kE(-L6ziECnqE=uM=Oj68i(0Q7LB%|{EnRBC7^i!^>4 z7$@^)te1MMJ^9|rbo!Q8i5h+`eRv9V$@u;Uk6S9tsh2C9h36tTqDIa;iSS6p%q+79 z$PNDM9_JxZpw7bvL9Mca=URX^KiJ!TSlwYx-Hiju)K^n~G$%J!3rHfB`{5(ST z&I3*H3WK--qT4f!_b#1F4wQ`*_dYZV@{LkbZ)O15W!Zd~{wUrR66xLZsG z?BOZATh?-{q~CB13B|0^$C_szXri7R9}f0R%c!N1m49H#rR9-&zztRIV91G+_zVaA=Zn^&Vk_xQ7PKleTtc9<*%{$!Yk zaEzUg?se&YLma$4Lby;`d0Vp^3(4|*l_`HcR8$9=RqG$TU0O>|CAc-k`QAs`4LRG{ zgH4of4}aJgVlpgNQY#TQYu<58=JfpH#w(%HAc@d!F)>wb_kHltWRW(vHiz)oPWrGJ zrhb1>UU{__!X7EIp-x&ZX@WawiqNB7cRcw>McmimlSOjeN&!0^rs@|9I8yFKUVN7h zH|oN}Iy9%kvnQ8Wp)X0Daovat&rG> z9-=w!EkQ1a5F-;!vTWNGAyIbMEtY&cyx+zoV=y@K*Dfx}tBi2AvE|xN36zr__P=6~ zzQDD{i8~sqV0HC+woEhh8SuazI&XV-L>Y*89-Ur^*g16Q=8XebzDGbvacclUUbKvlQ7kK=iywFR5RD9k@$g+)sF(ex;hUQ+>_^v0PMz zDTQ=kJW3jv=>>(Tn{&;Ah#l`6$lYD)DjKl67K6v2{uD@V3+ycAWmZD)caPFB)Zj23 zj%`f`6o3)L^PZ^k=eP?$qK0M(Or_l~Eay>UZ~wo-XgCW_kzh zw;P{4OkTU4QVS4h1r|K&IS-V+jD+1_zsssLY4;HgPF=lL(U*H7?3`KA`0nvsq$jI4 z9Xs`L&p#T5xB8MTbZI$(^Sfj7;bLn??&S*PH%M?$1@Dk^X|*LRL)#o#AuEo?lXeW8 z=jS>&T=321Q%4dbWdNLJ?-CLU9I8K{h85+;CMS8!Khu(HEj*_=?ZMYqx*x)7a1~3I zH;D50>YNn>a2In=o8cuhbg5r_1rCEa5trOd;FBAoNG1mvO}MItef&^skrJ!t-KUeS z*N~$xQF4dT+(uVLY)!2x3NSn7ez8Oo=m|~vn+;Q#y@6=w?77AK6!X{5uEeM3tdM|s`ZQu=MRR&fHREt{;03#Qy?!PJdVIguI%BdpN4_;-WzydrAw1%Q&q_;) z(0}npJ;nB_Qu!60_!2R&306=7?=wC6(bfZRd;?$VHqLZ``{PVvYM>`YysPX zuum`%7<*Z-nxyjc(1F~;Wu%kKCmE_k@8t$S$vr@~nT4WGJsBlEusjec3~^!>&jVvm zC)iy-Kt#HQfe9B$0I6Zo?(y6Dv=?T`q0RE8 z27ht$Vl!g8XgQ_~&GGE{{Pit=cFV&M?(<7`41{`+W!dsn21 z#{yc)3jI!M7&}BziI#CN-^A#_R+!KbWnN#Dy>y5A=2r#Ex8oJQ%Q!qLPte?2GFP$K z2x~uA2{-1SsMP}5ZaohiBP`M7Nbkk}eDnD#0NIqa8FbiXp>82ad(t36!8+u@$QULg zTd*{No}T`hJ(1hsY|!w#Xr%A+s)eay=QR7AIDnZHY~iKDXPjt?CXZ% z$t5@3V^U5tBp+nZ#>IxQ|_kK)U7Y)wr2$8a|=D_(ubFJ&X=!u}WzOF49qgW-H z;fp$eXKo{9x+M@|P(_suIqiSF=Dr-;o2*ROs3pEjtc35|LB^lqNplh{mU5=(eWGn~ zC4lGwv*KM~k($aYmZlC_^S-Q{2wGkC-IXVw8HSGs+-w+j`X~ZZYp+I&!ASTJ_X_0& z)|upe6^%^oon1vq)ft8C*@kTVY@u9|{+joK{4z4_WC-`)@SWLtg&>I9<7xc-m@-ph zw700gV?CraBErGcC{wYF~{D~d;EPM7^N+J;5$! zU0`hKT}=m1?+j(Qd9e!JkpZ_-t0X;wtl&1fXEmb!kpG$aFq0~Ud8R$34!+L0>a*I^ z%Tu+X8c6g|OG&;_JyKk$q*^fjm|9SeZbVESS7;!;sd@iR>QPhS=5wl=HpWkC#kBp4 z+^d6v79#_Vh_t_$n53fij%S*~FB@C%wO-W0Z~u`~UP+XaJUc6$2%ktp1u2$iyV?exReZ)Bi+k z6DPyY??}T=07J4YRFP~8FEtLJ$aex40)4w1=+Iy*A8V;D0kCwP-42=M5_LNJYdg9% z{#(%n3B*&~?yNvUq9Q75ZL{@QM!5)gnj!dwJgbtn2U}p=Z(%@~T{&^%NJPqcq@uJvo)xrul7H@7RvL3zD6Y7bT<#SK3A9lNsntPt86FiXQ0 zb{I*+$o1hNh2bm~HYeTpk;!7y)!gPxpup)H=N(mU#P0YyIv=xCcj5C*?fT9UF*G#S zy;(NmBA-wW2Tw=8$w;^e>Fy>{pdP1C;d3yK3h(bEmv*zUh1yS!Cy%^^Q~XsPX~Hg( zoZQxHw-srzJq(4A^5z4Z;7 z^hCkFEHsumP^ZIz+1SJRR^xTDWx9s%t@ZWohTS(+&bN57JGtM1a)&u(>QcS`0l0tvv&TMRgScyf2e?}p+Ua~P=pqqlf>*itx|CBB` z{9NU6(~!Rl7b_RKetIrgzWuN`bC|+DAH&EM);MNB=FwRvzE(_4=k*Wgoy0_btPN$wnt ztwLRtd|r~x<7FmT(S+>PZJh9b(soF#_jsh!_>lGofXax1M+pzf2th$`t76iEBiG&s!N?0djxUx`e$XEY5>+BScxxp zOT`6TcBKFJ3a@>jHu*)%F#fEQ&c9PG3v_bjlAw_^KPW1kC5i7Z{DM4{f&I9}bTi@r zT3H;Wr;`~EaM#CEpE1pcZqkca^p@Y~|NYLBDX6CPE-^fLF_Yd-yI-ktSjU+GX+>4j z#vRf8CM6AMSDAU8^6-4Y+bh3B%HSa8)7rPJ?ZTEr|3g8^tgoYCjz zB5?#ymD%-1{i4*ZPh~zosF%|q>YN3wKD@Ami9r_~#w0I#t)t2~QCL#$s(R=AiO=sN z<4`^=_q6suHeT3N6iOJDCA#8&90KV9Ym4nci<0e9d_K@EY)Fg{Kp>)@h2cIunbD77 zD*GO%YEWMpAvF4X#POW-fdWy9gCBZ~^j(X<(bf@~+7N+4Txs#7o zB3Wm=RSy8KQ*Gw1cY5}_W7ITKu6X@Jq4GB6*2E5nmZPwxpnvUi$_Z1_=B)~7d;GV& zlnVlJU2qjAtV%X6fe#E6LwhwuCz5ZZ+;@e%0W9Fz0)DRYXg((7Rljx?<8~(&C4O7M zGa0=Kj|i!dQfw+mO!XbkN;A}+cQp2CWN@JKz8+x=@a}oP6{iWdxY221LgG-KT8JA# zvNNyrTzIfZuK3j&88-lKd=u8?K)5u^^abSTydGc;vfA={T~g+bMxO*ZjNTjWpfG%-b2Nl$c|H)g@IKX0o^fX`McE?#Hca>u_|qi!D{(Mb(|f6R zEom%qNkk^WROW?Mj<2$R(DO>NN~DofnDMx9@cFY+Km5;tMLBf^E>34j!8(|NlNb2T zJW@UL>}$t-VjGjcj&O49ax>Cl7NzD(5U)t;;Xm&{Sj$xz!+S zsjkcFmQk(>PH8u|J5~9tvOYO|a|TA4nb^EfHNk_@t3)K|pPg3qJ--|)b8PL@GOko- zecM<6Lt}h$U_U${c&e6gBk=sA7vDHDwdG+l&X%fFY1k$1ptoF4j?#NPKn+X6I z({sfuYfjLQByW?7fP&H=M;C?i6eSZ_Aza2t@UDUcNs&UnAW z_&Fu=QTFi1?b|hv?mUa{RwQr^Ew;ZKtMVj{>IuM`Sqp9mo=1rypI83=R<`+ytKiAx z>Sged((8LA#5d9W)@CUpF<=G7ok<1%;qN&mizsxH9MhQO|4$$V!z4#nQV{_DQ{w|u()R&JS0K3;aCh~(kAm2J$Uq`$m3gbA zIY~O#HmkULi;1*6>&NnJBXNkIY`gc38S3W3J5k=oGYSd_&2huM;Y@LfBiu|&B*<|W77=r(Z zoev3>h1V{cR-xIT-@0J|hzb#_CR*-%)25t#$_P;P*06j{O)h!6}YlHKv>ZqQE*RLK}+qYHe8E>YF|{2 zp;sGuYy($XeeeceJ1T^ExgbpJaNyqH%aK}C_r~jxll)UMg@3V_ChMTUEGs6`qcbiPbw-CMG~|&Ag?$9p z0Q%G6^JK}==1MX6m*p{-;urT0m@ZeaNKd|bz&Kei{5J-iC}(~6_bGFUuVOtXgqM~{ zw;QORq1w{ECT=hXedEtBE2S$I8NaRItw#j5a2W~39r>?2t)b#IF;OyTa{NfAs#om8 zWA#JFi)wYkSm~8hP{kym)<73k7@#lQT1t5IhM8G!Os7nS+X`d6*^%-rBxAe~F9_~tuXhZAm5}D)HyzLTWW#&-kmYky|qD1yb}?xeZd zUz{_v3z5g~vCxqp+`wA5M`sHK&)|Ey6MPOd?M62vGAGYyFiVpc;9NLHVk%~`h|+zaOZ zwUg%V?)okSQS23GPCP!63~sh1DMsK#-^kR0WMXrsyQYMgY=P4S#=kRhuF28PSd`P<$Kg3i_ci8Py?QGMfrLSXq`JCA|I*hPtb05MjH7@8_ zaPOunU#QkLmGq>kUUjp8N;s?*OH)m6n9nkMcJ$BAp%43h5%VEm3wjY{s zTDEeoW2)L~Yv&1Ez4Fk~FRlUNv`}uUk$iz4b|OdB-}bVD`p-AMW!Vgw znph*J%2>{QkjcsIvnxWp*3FCm#a(ky?N~NWzEc16i$3zMBV{5<10U1?)!?ss|9ria z4U65$QT6>W{ozfNXA342{bP-gL-DbfrLeT8cJ8gD>-xB*i z4^IXVmde5YB?g!LzC_2|ohY#?jR6t7qR!@0jk?mN?PG6vFryYHj$lG0fWeGgWpgB+ zQs|JYVFw6Hca8(wz?oTGsV@QU{jyAX(yj4)Z-4`H$y#k{H~wLH2@IfWk2bbGWQ=@P z$x>Gb93%LgO?@HB&6b_Rv3MhaV1r#qtu09&(_z4Nk}q^U@Pro)Ff>p8&+FTNVJr1F zKK+keu~Z$32Am~2yG>8{Z>%|1pA)}k>s^_ST5X19);t#mCN*wn?0RW*e>917P$R|Br-!>QsF4_-MlkF*X$TD(yK`EU8Nf>_(0Q9 zT*S@ct@yq~T#V3{JpN2RcjDqm3CFu*rS8as1FX?-W&ii&J&;_2f;h(Y5u}DLzJWbI z3(}0&6ax}GsEK~6BLW-<(tB4>7~l&rUKti)Y(d ze!gs92E^{dIseI%pXC%~ycn8}_REa1fKPddsma3WZ^kukPv35BMw=MP-0Pz{R1 z78>LlYMU4F-7-II2(F{#dPiojyN3i9$#q?S7`-C{SnR&uw5POF^P?YEd*KQ3sDl(E zCMe@%LZK+Oum`el-1&y-6D&UZ-krf4W2l==8HFW%)Ioy6tjq{1R|QHgyK)jK)lWa8 zOY;ux$L!ZvutKR*Pr;i;PNaD7WCE6IEQ!d0`el8sp>yZ&)4I&Bq>@|J{*s-#FH&w{ zZ)S%&p(iVD9p`e~r1BR3b<=M4$g4twvt}#0iIivRi#yih-sr`X3`4kXGd!=3>!s|6 zVz4phNp*WVp09RxiY_Yy-(=K$HS#Z+!Z6%{CTB#Y%~ND&vHD{3n0OamUxKwUF)>l% z(R7^IYIIsF?k;=5jX7tXLAJ0jGF`Ra=a|_=cNB-1XV*;lFcgsLdOV9jhVG;L)dGc8 zk;rC~;uL}c{^fJi8?sPz4oTw;s7gTVCH}~9!Z%}q6L3HVRLnQs2n;7R`zW=;UvN#w z1y$g*T-b}`8<(})s2dld!sA5aI#YO}N*Ig1!nCtV`Q;STC=+Q!%Hi3)T?07+ZVz)j zU9sct8~&px| zIk%|Uo{@10Ye2&I=AV7dqeM41C1}m3Xxu_&S>2rz(cfjBsc+kz0r-~Jeo}Po9{mPq z`#mC^GNBT4P{sANLWX&gr8F`&H!7#sUBrG-y=d}>q35_Zv4d4{kam5Dmg_!zQz$D~ zp?xa1cRR>3_h}BXwCo>fJ%~~qBoT0SAEex-q4V*-pUwhxTTw)1YRWr!_ z2xgJ80FVaOxVX20T1Bo!DkuN{qgW@aq2Qib(qv6#NkZXOuZ@_sud~y_B|CqvCSxHp zZpm{5>CF4dK45=F>$!osX8N{ID&Pyp8~#sawTh>LB-MLfHp{A&GX(6cX_m>s(E|iU zSsIl?{B}bfAh3#Ox@XtjSf?iF3*+vicKmcL9YF|EjXq(wrSn-TCJ*D2-2i{nYJh7F zTx1gySlfPJ}k6(Z-C zg~~Y-^E>ly6Vo}&iG7{y-Xqy1b5|91-fW;-W%?<;S9BP_WhwmJQYtT`Am#vCfulA2 z2(T+N;Eu+0jQwC%FS=%_2i5AL;=IIvcfIjE+HnUw>D-;c->4=C;Lzv&N8Uq&{5@0L z$IJtBzJWO+tv4p={G5_Zw*qugpA@ZLezUeEMm7Go5X z3I6wVHI%Lg6ZqXH$5X{~?5422rEA?P_Afv8O?ZH9kdzMc%cWGc%BADKa@RKew-f2a z6V`}imVb(3md^LMF9#L}BK*ZAq;7gsbVjTGCAwB61%0=5igwMCgVP(6Bg%N0Sx$w} zEvLDtd~g717qwa!QG;7bdBABp$I@A|DC~XZx;&UkupG!0DjS(KI7!uep~R{CC8_my zqaBaZen0Y{YbtbdxpC4g14kY83ctPn$evfr1)WB9@@mZfjas#S5j!RHN^hPa7B*7} zDGvyo@9$=rAru|o#SioOHJg*tozX{7v#bM}KdFoXokdaiQ4w|8zU0m$@l&15teFcz z+EWN=?r$OR+|{77|!Uo7iWzMC1{qT>&X=hUT^xq%HwYH z$zahn`JoDaSv#X$32Wba>f_wp9X-Ax8K|~>TAOBH^ek;=u0>98wCO$;k`$ednbeef z^BDDZ98v3IJs(CV0M4S~R?;G=r}OHqMy7ds%9cxPTDOX4FFHS{BY|^lOKQvHmgHDA zduzSYwsAz6y0diNEtkb5g=F*_ z0}gg`_Y;Xno2B=be(t@jeO|z_g+JDu&yo$Q5Ljm<`Ns*)(tu;q9MPm5s^g;B$oQgEheU76IPyawR5J- z?G=Us(9od=L2@a+w!J;yjOz`MFgJl(?Q-kL^GC$~ab=sV<`zr$h{;k0;#f8^7__0P z10THQrT8O!l2_u!5`nO3PyAA4K5-4AYNGnskJq@bk?A8l)vSs@+8rC@J7B5cvF~_M zKFPjg@ER^cRjVt+%NOeEd|leQ{6wyhYmh^~I=ybpVf;#8>{z2ivL}(7Nf_s5e8?j& zXn>nPQ(SxRV+c1!bikZHk#8G!aIjxje5|SF^ z5QYq$lIpWegd6$eIFXrn8?rSDemxX~6K+Sk-%)Gp}Ev|w16tk<%pISH7u zc1qQXJ_anbT^x7_G+TV2NfZ7q-l9m$Ncpy0o%})u1#@1Wm5;zLa~j#~c_VK|TEk;8_B;_ujgFDqZ$q zYo00qZq)!p_9EB}Au7ltwv8g=t;TGncpk0(-hli&5wx^`kTTT#MjAiOzhsR^9D>K! zH?R!5UaT3;2gT^!>b3beS;ukxC8qI7+O&nX+f2&#kd()vm^yx*N+3(7k!X1KOi8Fc|XfVo>=(Hh?{;wnQUS zefwl1Y@9?ir+ngO)zYW&rRji~JA{E!j>zaY=4 zEQo%0c=cR6s`~yVzdS6&tpA88_ty$M_K`C4$JHOM z7Y`HDgcH&RvqN&+r9ZBH4Cq}@K-owKC!DH11rtw1=5t+ckLP!M-6+g)qj8R6a?Oh- zg&!ORs-6|ZR?v>>;*M|}K2|M!mm`b3p0kO*o`q;fe)93YQMFDMAO$>KKo3`dB?v{vkA_L zJgNWf*`2wFy&?mSeGLLHOR7sWjy@SU9K|U7CaH=x?6|^g5Ktz=p7h;NSIJCG-0v;% z4s(?}B`SFNh274Gb1{pLy>ScAyIn^l+b5B}d2IRmPZq)RkR#8sx$W@{ONqs0A&aBm z;E5WKK5B}Y!ubZCt^+!>Sx@*oP|!8a`4yj_5`>bQs?Y5dO82{ujb=|j2H`I~QP&@O zwjhoQ>Zs#kg;X#8&G+>9L@me%&YKdsx(m5_;fYS?cVS{Iy^g)FW2)_@_%zEcpg!Csy>(tAXMjTTg+( zzvg7PUqu87LJ4^#b_rgS|GA3u9k9*4>ghv4(`T$sZg=fsQ`awX=N{5TkXysiw<i(UZ7Dk2O~QrfO;kbE#;+P-gVYJ88}otl*^rgIpzmQv00Co5c`tQ(W43*KW!4*= zrMoiB`*)|Xf=xO$DB=H^kM Date: Sun, 31 Oct 2021 14:11:37 +0500 Subject: [PATCH 05/75] Add files via upload --- .../images/uc_workspace_overview_blade.png | Bin 0 -> 16055 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/deployment/update/images/uc_workspace_overview_blade.png diff --git a/windows/deployment/update/images/uc_workspace_overview_blade.png b/windows/deployment/update/images/uc_workspace_overview_blade.png new file mode 100644 index 0000000000000000000000000000000000000000..18dce5e83156b5e8904ff9e72a54f69b39f943f2 GIT binary patch literal 16055 zcmeIZXH-;Om+wnX1x3z+H?Qrf6X2HNJou~goy+T3yVxc zU0ELs3)>M33rCR%2l!@XpdJJK!uHZvdw^9j1o;Vkz#*vbNMfE&A(2tVxm(noT{_HBr6V@;?jxyz z$P(|*VzLYCr#a`peWvBszt!ZP?=>A98}#>lnzr!&9XM2Te4KOs%|FxaS%NT%3KT7j zV){=v8R8Mklc5RHlfo3}9-Y&?>T8_6RJ>IXxA$ z;R<9N^S$g|$1J`j?t3Z@6@Eu3P{8-bzQDQyRq1BkDHsRK76HR48QeLnJQ%}?hw}R| z3BSH_%f6kBoJO&1`;J?%bw`u(uWL*Fdd(JUe%ohPwJ1Y~YyZiHL&nz)8gR4M*OMrZ zf}Zbf#|6)N(%m_uk5hjw$llFFvv*W@Th*5c7;%zm-DS(@L-~CX8u8H!8FVbm3TsN> zA!45H-FZH~KJl@hcl6p9moDOGNk52_)(lavY2SVxGb{!?E3 zMP9Jh(3lc5UdqxXZezt=+IPbk1#w1=<_M|P zAl!hSqWcawbCF8!rU9ZfE17yN!ZC2_=^&2Nq4vHCqlco2HFNzUz10jV22B2#4~9$v z^@X7w*bJC8KL7UQ_+OTfXS=1VuC#S2SK6TBizQ<_Q}%a1_=9ra_Jd*z{jS?8_#Uck zaP)Fn*)3kGF?r2&FPXuSa9@miqxQ~rk7PJ^Ldy?-)Yp^5y#zQ~I`P08wUl~Tzb8B<8ljeRgh;!95$kLTz7V(jYsOl6aOBEgntq-?q z-|LT^YWgr`%J!-u1no&iiT=s0xA^)stX4p2)9%qUj-@zKNJl=J;G!AAE9^XnduS_4%7SWK2v;HoN293jyN*e;XY*pZfApjC&!0v;3zt{bcPs zBej_NdscId8xJYp>hI!3cQw;uX6#G?;#{ni1V~g;Icy_EW-`nyDBWY0cFQ_UDuo5a zO?dM)6Zx!_3qf0~Gd?QCF%9{}4srY2hg*^oDMC!HT=@o2^>1F~k{QIsno5qV%)}IS zf)2iwnjHu`jb5P}qwk3> zQc>1i9Uaw(op%MB*uMgzhVSnZ_iBYib}|?w{C_ut>QIYUKkrDug;9h~-4cH9b+TCl34Bd}YvK>3WWT z;y*gsVuaA7-5u7vGe_y}T2tQqoVl}UgJo72AzIGK5OEfehCUg>xE<)AUV`l+J(P2~ zU6AzM>rdbTChz6qv*D(#x0NVifeOE2|4E-sx6d3@Z-mpFa8jl$w7N9;j}+{g}IVdMaXgg>vO$YLbl(YH%UgnGsfydh1>PrJ_;+YFm2g;0oM`| zJ0B>z_;xWt*-wVtJI`NX5o+h$Q8gJ2TCILZzQ{2qhVJTY`@s+z&XwhJD@yCH^AGve zIeO@8u3|#E^e-mPmQ>=7FE4!F`@|YchP>9B3hU_AuWqBFcI#rJN2kHdN#N%Mym!F=@17W`zjkgLAfW>rDC(0LjaMfFR}4wZ4?!cG|Cejl z6rkW+GJfs&^kNCZ?*8-hb#C)%VQ9oXTX4j3IP1mj)O@EbS^w+HV-B448e0Z2wCkN3 z0f_(ccBHg2MuA!p>PPi1jKQ`JVN4Hxs7eEliHzVtCkUIOwLsCg1R5ebbs=c2NF-gN z8+ITKll*eXaGtOOAJPd!5wH}Zk0rr&=Sr>{;Uvu3VGT#}{O9M#!Q|!ydRt+d!D$_> zk9S+K90qC;N!;MO_{tG2*Z4xVsG$HNwSf8%qmzYYA%}*62G~v`mF)A76Y|p&!Oa9D ziPwIYVl|c?^rFjpzz{)>2~pT!J>R=AGy(V-A^;Em@KO6A_TtVteQ>VL-_~shw5)+! z-SFmq|Bp1Hn;jm&B&W8T4_Qhb%dgl1W}GlHjV}bR^DKfXK^Nqw45B^`m$BgrJO{d- z3j7z(4$)faQWW4`Wf~&cz!TOzVFwey_r+88VkH`|ya$6QEpYC)DOTSzTtx@Kkg{{Kdb)Dl=H>@&Pwgl7q_8AFdr%C4tPUm1lk+fNN|kwgbs+A6iJZC~&H zR?UtU=bn>^8g9%{5ok*g*?i_3iEBz`DU*q2*b)s=v8NuUbY-XBsK#-cNgZKX>(t|_ z2WGB*beHM6g>G<9MyOZ%p=v~t->u|ME(Q1Hgv;8+L4tAd9|)-bG`s&cGl!Nf4o23A zY5!%xz!}mUgZ0h%8%pLHR)znCvU(nE%+UbG%7DbEyLPnmU5thZe>>CW$Rgy&>ZY`o zdz8^YL@mUr-G!fIAdx=$m08rn;e5*}#pQ=2v>3A!BjQKaB=zvYqUc{HVR^zC!Sp$k8<=Vr1XM1)6>qc;*_)>Ter&uy-)4R~`C>v$C2 zRPjJ5z!sSCSn?lt@x336M85RleMHfmK@=p_jiPc_&uDhJ@zeLt+NCP;P_(fl^fE$Q zqh7muct)8%VP|lk_W9KnOFcp* z6U|_&MSOtGi(MXK1CPMH4kx5-rzUFg7e*tfHgFBYN=AvIh0%tiL_O|5&i}YcWR@@7 zrElx7u9=NuTE#Jfx=PGHDlo$WMGrbKJEww#457(hgG%=eVEwL24htVNPimT3V_(3v zVGFH6ii&8~^X|_WnVJh4YKqwAm=DFbqZi*Q8P;SK4d`WLP#cwuNQ27F^cgjxoSPIF zUmM^>VPbSWT4x(vFOCvtlrab^_4LD3Cb|BoGD6 z6Pnbjsa^Aa>n5HMm&RK=#BPw$(5Eh@{3v(&!)+0Ri1sOxx?<)9CMyi0>rotd=xvMD z(q>`Hm<@ZkJ=5fzD@%vcq&TQtCT`EaZ2fud6ZM)@&0m&-sl3hIi(GKyvhNsH)DjZ&O{qL?D3~YSm8TJEw!(s zBPxW%eHz?q_)gX7DE3-UBDj=!&4_;XM4>g&Qi$!(aKpGLzqmGrt}VZG%+08r@G)Fl ze5SrV^G6X*a6ZRO%Fgo#5{t3n=H<){5UTJ!3{3PLWB3PR!g=Au{BALyuRRLSm&D_% z=sgZQFp+s6Ing&fKYUD<6m-mQ6&f~Wfs~AzT<8#JJ9P9Ib; zyMkS8t+cqAd3=llNl=$V2i=t$soyiYH)H{B@1u3f#;5bLt1g4rP**7GIBmoYP8s*z zc}sa#I|EW{HY0%lp;=-mg?hQx*aE{vbYNQ+?4*@~{Bd@3j^%DfE3t-VeA5u)YFoT} zFCn2>Ou3KU8FevrFEgrFOelvUJHbyW--*N|OO{Myu*BHLm}!h=;zNaI_#wa66MF(IUh7aJU1#UzRmqBb9J%{ByI zdbXn2%bWQ>Sn(sGMpDhd5kD{5jB?XTy4jt8Slnma2SJM1t8cfue>HrUb?2>3a#0^q zAVT$PEm>+TS3q-MahRJb=^s!r1-ShM{U6zYrjDIk`w85TFj>OZZ!ZU|1tp_1Le6;{ z(4x6qDx5=My^d`RswVNhHZ2Ve7mhLg(==vMTw{0ImS}{*N)b9t9YrK!l>E=E-v~uV zp#qGr12s`3tNaKS+L_F>38r_}Y4r~nGP0PyHguL`E!E9d@6O-1`2ce*vBn0~XfAED zI#QEX&!TKnK~|WmSy!b5Pi%gOM5fyZJ%P5rV#R)QZmU(ztgGzN7(x}A$0XR4Eb1ze zd2hDZ;Jr?cjK*(<%NLKqEYhhWe|@{Rw^-S za@ELtedK<9wDLw5MVdM2pn3GoYnVmK6K|p5?^sa-n{lmkHcf|Z1^%*%1ODD`=b}#x z_OrRZKHqb1TPzgF9ITs>_yU7m&ILoyk#1G%Eqka5`<4CRt%1)*(siFXv`8<9izUDsHzy=@ z;Zj~sVZIezZ7AYvO~aMoRQ$j>jaZ0g^rLNMg(ls)+r3DlCG*J;r z?bC!B%LQbZx+ZQToRH&JB;)|aF(?{N7$Lqalg4w8snPGDwU$z{b_EH3zr*x|iA21z z{9{}Cy~lB-3AC?DJXFEJDs)teEVuxy4P7|fm4>&TeXA_0Hs`{GBo*N2QZlehn~Ww; z(LTkeo8Gk*WlFLX!JExYeC6t^oxK*Pq%V$QW2J%ls?Qxf7Z0(ugyJIuVU*0Fb1BXrk{Ye4&AbUurGPtO)t=N zl5i5V^Et@B=a0pHH2GETdxOLTV3o`=HSUqi_vxnBwPNnIzQlCHEDq-+ufDfl$P~?5 z(SbAF?1HaWDokugCP|xf7u)%nvo^{t+(Q`urPcZf=@q| zNB<~+_jeU=FAH8A7F=s3_?^Ud3J)!w?l8ajG-nMsIz+4%Cwek_eWnm6Soqi}IErDa^^x_;3$2d^bEP@^k242Uy&gn20%V+1Dijlm|lA>*BEWaI#S_fEE%T zr(0J&9lHjDckxwDmW{e-rGiOKPNOszh<=}puvVUVJ(^98TxMPl9wX2>^O_V`X6@d0 z*Ec0=KARs8T4sF**1F}$Y*95;=ZT%^f&1Punbd5k)Z$$AD&tEK_SV#JpcE>bJnB8^ zrGwh^_*7~nZVC3iwl(IH_e*{p=fM(nho(|PP}tF+=}K}RH9vH2?OssBQTF@X)`Q=F z(36*Ik@TBShhDVom!#J1NGOY28Bl}e?kjJ;OiX4g51y_-R$=I#L7?Yr_dL~CiRmD2 z`*iX?=ehDPk22)XR@^U-z-G&QmVsZ@+^@~f%DgdddCqO9i>~%Rk4##1+qb*U)s_vS zGJftVBV(4|&P#*Us7ngfXrVMbcSJ+KYH4=%<7IgI5pUTm$16YWi`8aiH85Vn`KrD0_I{^l!wqMTetaX&O8oa5}VI&AFq( z3Z4#eAWiFZt8sc#2jvf`rSH zQl=^=Igdq%O>}!7u9ThN*vJ+Y7~ct@f>wX(xd~$+U>|zhYgE{uR8*yNgcdWtHZpN3 zRD;?CZEo$^qRPZ;NKw^viC=2SFL&K;97Vx)KwLVu(s5$0;^^fT*YCl7EA0+A5Mn$s z4@l0GZIsnRf#`7xe$h{bV?7;Ej(|hJs0$0!MSv7=)X8Ni=YlPLigqiwCf_|%yz$!q zI^d8sz^eY{>M^P%d4R^wj#=yY$CtjwcAhShb@IF>HxLOlk--uRB7XelROCQ}P%g_T zS&l0*=_vz;M@*RyKae;fELBYeEvMxD5BmFHhT1`pd@G14Sfj-a+tv5xHX1DZN67d) zaQshh%c&CIaO(=(yZ3vcHF!8jHi^kr3%d)O%H!f>w?HjPqQm3YL@}=INVWSy3oE0o z7S=~Bj}T>kK|$90zGak&wMau4bfh(2!ATa~NtB6;be&MB+jGd+&vGJB`?gw( zvITm`oF0GkXANlj=tATHoiW59{9cYSuo^jsF%F&%Ohha1dcM}CPyLO;OHMQpY3mR`LNNaI1q-CYE3jM zZPcfZal%GF5sf!EDBETEY_H{|D=|o}iyF{@^I6Ebe+Mzu@xLhd75zE4 z^p)GOqt6S+i169#8s#sP9?%eAdW)adytn_H823aV$wd?OHvMkybWTO8`DlZ~M8<5l zGvtA7S5~gpzG!0o`6rJrF4o#TBypQClwG#Q^NsrN#QyzW4;V0|sF*6vjE>3+qL0L^ z=rE5v9+6nY&SSbteXB(z<+r21a)OiOELO?0ge^cBoaT*Ei$LIG_Cvh`pfrpXCyoO?0PUI+|DgdJom|(a(y4CJAe&Pc_J#)_O*kyYOj}WmRuh zpdkzy%U=gidnY0|e(M;G3#-mE(G6?B_eXvS!1g{$T5=DY$hhLAPMz zMW6il!=ETwZX+n1(PL*(@cHRPZu3P){L7Qf4Ft2?g$IG*s=%J1)6WF1)9aD#jn=N?0lVnWa{WAG z-#61Fp0{3MWmGntP|4{$5QGg;&K~}}kAT^{L>6pcmbN-XJlH>5_yQkv`EiU*`d)02 z_KNnYc~8Z&pdbp{cl@q8@kK>NneHv8k@OahbGTJ722rX+%^wHgtbhRBP*L)mouO_v zHPN8p-M5uNWRzLK61yiMYncmI0utDT5h^Exf(} zPVn2#lQ)lY{L48`3|2s1J+K-jf4?QaPx)*=@%xMX)5bq78QQnMwBu@0n_!dkJR(F( zJ(6-A%ax8MXZ`WTi@Vl#y24!BQGA>x@q`-z|MqJBH*WABW+#T3eaVasmJ`sTI&)4_ zwU*0|uQMN+#k=SANeDS{wF7k9Ek&mVLw-6fA#+(*C;~rs{4qE%wZK{UqwxH|wSyac znU~(mts300$fMLci;eG;Uy4M*HfF}#Ef}wKWfl{UHA$%)uCdhD+uu#IJ^tGSIL_n;oh zTYky89s?bgWu$s!LP{N@`zMdW8o#xMPH7?VU(p$Vx+-s-(a!cLc;1hf+JOxdkUNVt z&BKq`ubdcrR1- z+7okKikZ7wwp{GaHZ)!_BF4!3`~d&$6~-<;Do-V)uof8~+YwRh((-Aawnt6k;7L_p zJxCumJDA+E3~w0QpUa@f(Fa2+xX)nqGWfd>l_0d<)v%F5T|{mG)TC}Zwhw)rxZmOD zbTA3$V|**LX?#LQ&pGBO7YA@ zRhMtV<@E5r?l{4F+e;g)%3T!Rd}UwtrnRnAQ1)3NCmxGE&MlKllO!43YYsQ?F;(Rl zRGugyK(xTD2zShFtkCfx@2UAez> z&)$UBS8;FJTAMD(#l0VbPFHX=M;`jiB;m~LkpkmnuG{9K0!4*9Xi$=VF-3CP{%(uR8l zybh&^x8!PrX5n6Z#75LvUL_$&OJJ|5Spk1Xc|?o=cp6~=AI*0fV|m%CVEkA>B-9fB zAJ>#dEU$chqp7KRe*9;l=Gib%SYU92lo0u#i;dBO1XvazXSXqUZ_R)HqlRXn4&hgT z+@|dB@4r!`B9;$+jzYk0x zt8d9~Q>Lt@%isJO<%dKKq`_e49f-C{pH&BY9U7W7@83bE(&p4!cqWlb1vBuc?V(N; z>RNn)%1RAsgsF`Cw#9hkQ47)somc^{VxzZn5n{ zKPrW3W#Ys!FOt^1P4DUlCbYcom&{}`sm;{sd#y!cI}4JYp5i`(Pls`7Og|s;a@g+F zBe4Hg{OvMs1f%fWQDvnQ@%1}vV7{2iX3B_19EzO>Y>-0po=tA&K_AKLp2_r+G?Vr6 zcqt*Vo;R8M*+^<|-X+<1Xl$khc*&!upx7%+yYhP_MtZ-{Ctq1Q*W(ksD*|PESh7;% zvKZN=W%Q*9q3a?Yr;q#0wb@4x+9!_KPje#aY3f|=QgR%485wEoc|(2O9l}y{iTF1Q z_eJ2(?RbmN)b5*n0&^bU4<#W|ueRkyBYq?WEzxz2`hU&*v3uDp?j)2&JhSx8ZZ06y=*lMY90_YKdvjlyd>san|fX0@- z;OerH%U%#Qu2FtKAN`)MY(AR903wi(16~9coqXZRPXk?1qV=5=4%mSUKT!Yhv8{D2 zkk#)xfz>)dC)7egyrdRD9<6;mY|Vw|LcNyPp$dy%m%MUY<8wXQbaLe`Z=hG^^@dmS zY0(ovaYAQN1Ehx&P9C($b^^V@Wn6i&z~jl*;FS$wKqCtuW&tU@y`eKkPRJeBvl(qa z($MgA@D;^z$F!N}bo#c#9~qGw?Fz624mci-Knu;B%`@JdL@+yuQ0i&x@#TWwVmn{u zOV$g4cSsO{^9>xWy)Uo2ln=@$jwDwjXO$X@coNbA0GZcuwq-eN;=h{Ii0B zNELyM+RpUAA;{|No?z&Es;^nRbsIzl)!>qhDL)m}#*E~k!UIJwa{b%p z#|4Ge5!%9Vfa?lp`1dDnp}*1|t86AMmaJXB1U@?}quFZNkFUJW?$?JPdwV{x++Rq$I&o`Z_`qcKq~&qw!r>}qW|Y%_ zva&YZ2CT=$=k>W8BBSm2~#pw=Yh_WERNdgn8NGv}j9 zMf2U4+KM_RPd0KX!Sr;2M@zIp#*c1~Nk7q?41APw5_Bk7_ROM2C#sa-=1KT6#I&6* z_L&iLijFeUgQHK8e#vi@4iAQ?gzziPXB_;$!B9vJ2`QD&r!_U!L^SV=fzTQ3gbn~9 z1~4J*-z3zUHC-0XJBcOA27waHkbRRCdd?LFW!EnF{Q)Faa3&PmX)ogrLlgukrw$PD zM2qS_pB1a~$sXm7yUhrcS4sIjrZ4j$a}<%vw=%|V&tYr~kn)QZv{igpyU}yo9h|Xx zj{pAG6S!)Ik3lJu)mcaA_coS1H=1MWu2Lukeb3Di?Wwc)jCG%l%f79Sf=&5dz* zS9Lw!+Fhw5)g`7>$j@R5j#apM3#7@}PvhDsgt6LH?0lgT^SPt!jd`Q*ar9E%j1*(Fv0p(@}Z;tS8>GaT{fLB>FgO60Kz8z#FCowtjQ>gS3L8p^^cy_Xfw%*++zN;?nMTpRp9mI{UyL zqCYgoRM=Up*rZa1TZ^bIiHYFIzVJk|fi&GA{x5%fL^=u79NvIW0nD`U9=@$ZX|4oB z(l|JqVO=3RR4;Z?ML9zqcKb8*QcQ5kK0>D{&2g1vnSx)dSuE$57^sXCEnThzWqCDe zNM9*T6hUDEJ9qNpDAfmlG!>*3KiF@ujS`FClelTmJ{ zu7gMpq_0MtOJ&tpS^B`XdqnZf@s!901Vr-A=#K;y_PLR-wQ!o~Vwz)FZRF}FQp!Z5 zxG17w?gV!DVZL?~1IrUrMaljVPu(t0hBVcD{7A%VHgDCIiD0%U2D3jzBe!KRT~LZF=6p$ic7 z2=CR~9%pNxZ_QQ)9J-`Zo#@JZq4Bq+9%k`7^V`6v&4?!{h}XF<1pWRr4W0&e{De7f z<5iuob^oo%0jgAJ0juGDEN&mpb;fbv;-zFz#I6)RAgp~DyXiehjmIC@*nV4{Kl=ZG z;O?K>e}Q1X<*{l<)Wz9RhR?`+hNuiw*xW$3ZAV}IO;PL1Y;6LIX*&gxN36q?7vf%* zIEbKr&BbCo582F}*l@XAv$e~o>bt4$7Pdmd#6~Bz44?~G9FXaoZc-lLD1{9@W@PAruEQqU@%H#}8f%Hfgo>e)ugUVYNDTbid1L<>&` zSBof%w~-R7O}Exm>CM|ONi#99O^ga!P~f`xrpS8X84%y!r$R?Qy9aeA4c&DUD+_|cqnTpNaN<>jpxiD5E^bH0we zWcFVacOP;;(ZsbC46NYQQ4>=k=Ig?PX5Agq_hGwpS%k;_v6evWrBX!0iZ`IFJ!$`# z7lRvZ23>ZrEe3=n>Wlj>|bZSkn&77~H_mKafo)BMysB$ntfo23_3PKbnpC*o}f zK*?&T=|fY_ZCZ-YpoS{Ui1H)KBk+PRq@!XZ{3>*nrbzHZxH&K{aC2V$CsCg&2p#Dp zG<12+I92|BEg&Y&}8> z4ioJ*rwx}el(8c1=z&dj@!7@8ZLr>b-;-p;U*_}4PesVW>6#zbcStb=ymN4nPF0>_ zp8Sr;X=iX8L8%kGhtC0C}4* z6<@_z3Y@xdriv&QVRc0`fxP z$$!;o8AA^mnX3-GuGp+5LU;erk2&Szs-Jd7PwR-OOuf`~##DN??c|711>=XOJeiWJ zM3RitfJ;=z8U8ex{Jwkqt<4-U7WLqz;fxE=wKg2o(LKr46lm)3**%J~5hqg*5_V zMTP##@3i2uns%<~80F$(QlE$jx1$@yt>fLNj72&L1G;ZK<6ENEn3Tjv19ne0`})IR z^#l^3RJDaUE}_Eg6i&@z6!f~>M_fSpVu8^k%6Ik$-^QlSDV}x+h|;3CATz?NLrTe} zW|=&v$|<)9nKchFg@I|#Xw0`fNA&IJ9&-VkjD{84+p68&oQ9B72<@9sdxpuB(v(G` z>z}NM0`Lu3D0`?>mtLtOd6J7i_9}A0(<$^QzS@hcE;TiguRa7`0VwANyK+2ltVgcc z5(O}E$bti*Yh#ezIe>`VzShjYESXZ--8FTi!AT1DD5P8o-kwsKl6#~1&<%-{7|GLMUY#{AQ|9FsyB6(VZ|V0wY%Kr zCSOjVAdNp9x}UJ?X|4ghskG8G} ZUF6sb^2TvFfS1j&G*onyD;`*d{Wl8Cisk?S literal 0 HcmV?d00001 From 068fc1632558cc82a332f3004da4fbcafae57bc3 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 22:39:27 +0530 Subject: [PATCH 06/75] added windows 11 after reading this article, i found windows 11 is missing, so i added it in to this article. I need help from @JohanFreelancer9 for his assistance --- ...lization-based-protection-of-code-integrity.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index ea7806d09a..1af50efd7d 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -19,8 +19,9 @@ ms.technology: windows-sec **Applies to** - Windows 10 +- Windows 11 -This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. +This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10 and Windows 11. Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a blue screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. @@ -34,9 +35,9 @@ If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. * HVCI also ensures that your other trusted processes, like Credential Guard, have got a valid certificate. * Modern device drivers must also have an EV (Extended Validation) certificate and should support HVCI. -## How to turn on HVCI in Windows 10 +## How to turn on HVCI in Windows 10 and Windows 11 -To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options: +To enable HVCI on Windows 10 and Windows 11 devices with supporting hardware throughout an enterprise, use any of these options: - [Windows Security app](#windows-security-app) - [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune) - [Group Policy](#enable-hvci-using-group-policy) @@ -80,7 +81,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. -#### For Windows 10 version 1607 and later +#### For Windows 10 version 1607 and later, For Windows 11 21H2 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): @@ -194,17 +195,17 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG ### Validate enabled Windows Defender Device Guard hardware-based security features -Windows 10 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: +Windows 10, Windows 11 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: ```powershell Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10. +> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 21H2. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. From 3769f89f6e63ecb5d8ea5f4f667e153e7c9406db Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 11:18:20 +0530 Subject: [PATCH 07/75] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 1af50efd7d..afe3d97a04 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -81,7 +81,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. -#### For Windows 10 version 1607 and later, For Windows 11 21H2 +#### For Windows 10 version 1607 and later and for Windows 11 version 21H2 Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): From 8cdeaf2f40f4af5a08a90e16aaea910b5bf9335b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 12:19:46 +0530 Subject: [PATCH 08/75] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index afe3d97a04..947d55b387 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -195,7 +195,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG ### Validate enabled Windows Defender Device Guard hardware-based security features -Windows 10, Windows 11 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: +Windows 10, Windows 11, and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: ```powershell Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard From aa3793980e384d17ce344770e003640a5295e898 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 12 Nov 2021 12:20:04 +0530 Subject: [PATCH 09/75] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 947d55b387..6dea84f15c 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. > [!NOTE] -> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 21H2. +> Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. The output of this command provides details of the available hardware-based security features as well as those features that are currently enabled. From cf1afe2a2abde259c59b1b7df5a3e8324bd2109c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 16 Nov 2021 21:31:15 +0530 Subject: [PATCH 10/75] added windows 11 after reading this article, i found windows 11 is missing so i added windows 11 I need assistance from @JohanFreelancer9. --- .../identity-protection/access-control/local-accounts.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 6ad17afded..c285a90fc9 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -19,6 +19,7 @@ ms.reviewer: # Local Accounts **Applies to** +- Windows 11 - Windows 10 - Windows Server 2019 - Windows Server 2016 @@ -73,7 +74,7 @@ The Administrator account has full control of the files, directories, services, The default Administrator account cannot be deleted or locked out, but it can be renamed or disabled. -In Windows 10 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. +From Windows 10, Windows 11 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. **Account group membership** @@ -558,4 +559,4 @@ The following resources provide additional information about technologies that a - [Security Identifiers](security-identifiers.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) From d93f5e693751373616b547916f2b048985ac9fe1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 16 Nov 2021 21:32:50 +0530 Subject: [PATCH 11/75] added windows 11 after reading this article, i found windows 11 is missing so i added windows 11. --- .../security-policy-settings/user-rights-assignment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 6760680ea6..e32051cb2c 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -22,6 +22,7 @@ ms.technology: windows-sec **Applies to** - Windows 10 +- Windows 11 Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows. User rights govern the methods by which a user can log on to a system. User rights are applied at the local device level, and they allow users to perform tasks on a device or in a domain. User rights include logon rights and permissions. Logon rights control who is authorized to log on to a device and how they can log on. User rights permissions control access to computer and domain resources, and they can override permissions that have been set on specific objects. User rights are managed in Group Policy under the **User Rights Assignment** item. From 58a9eb3c3efee8ee57860f9793c6954b0eb466a0 Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Mon, 6 Dec 2021 13:35:18 -0800 Subject: [PATCH 12/75] Update audit-registry.md Add a note about expected events on Create Subkey. --- .../security/threat-protection/auditing/audit-registry.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 6ab435279c..bc39c3d697 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -46,6 +46,7 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [4670](event-4670.md)(S): Permissions on an object were changed. -> [!NOTE] -> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. +> [!NOTE] +> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (Event 4656) issued by the object manager. We see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, we do not see this event with the setting to just see the registry related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". +Calls to Registry APIs which involve accessing the key to perform any operations like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. From 5b6c9a109afd42e4d8defd11eb61c6086761822e Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Wed, 8 Dec 2021 14:25:58 -0800 Subject: [PATCH 13/75] Update audit-registry.md --- windows/security/threat-protection/auditing/audit-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index bc39c3d697..f24a23d4fc 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -49,4 +49,4 @@ If success auditing is enabled, an audit entry is generated each time any accoun > [!NOTE] > On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (Event 4656) issued by the object manager. We see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, we do not see this event with the setting to just see the registry related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". -Calls to Registry APIs which involve accessing the key to perform any operations like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. +Calls to Registry API's to access an open key object to perform an operation like RegSetValue, RegEnumValue, RegRenameKey etc. would trigger an event to access the object (Event 4663). So for example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. From a7fe5dc5142478e23c41c6791d5e22c7cf9f2f5a Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Thu, 9 Dec 2021 16:38:48 +0100 Subject: [PATCH 14/75] Update policy-csp-networklistmanager.md Additional information on how to use and configure AllowedTlsAuthenticationEndpoints and ConfiguredTLSAuthenticationNetworkName --- .../mdm/policy-csp-networklistmanager.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ced9fe042a..686aaecb14 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -58,7 +58,16 @@ manager: dansimp -This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: +`````` +- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must be an internal address not accessible from outside the corporate network. +- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- A certificate should not be a public certificate. + + +
@@ -91,7 +100,7 @@ This policy setting provides the list of URLs (separated by Unicode character 0x -This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. +This policy setting provides the string to be used to name the network authenticated against one of the endpoints listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix configured in the TrustedNetworkDetection attribute.
From b74b643cbd0f16ff011634f4525ba9f57b4480be Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 9 Dec 2021 11:40:03 -0800 Subject: [PATCH 15/75] Update .acrolinx-config.edn --- .acrolinx-config.edn | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index a3a07ef4f2..64354d7a64 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -1,4 +1,4 @@ -{:allowed-branchname-matches ["master"] +{:allowed-branchname-matches ["master" "main"] :allowed-filename-matches ["windows/"] :targets @@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology: -| Article | Score | Issues | Scorecard | Processed | -| ------- | ----- | ------ | --------- | --------- | +| Article | Score | Issues | Spelling
issues | Scorecard | Processed | +| ------- | ----- | ------ | ------ | --------- | --------- | " :template-change - "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} | + "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} | " :template-footer From 1a41dd2059c10e60ec6c7e519cf22b418c6126b4 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:29 +0530 Subject: [PATCH 16/75] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 686aaecb14..e1d8281bb6 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -61,7 +61,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: `````` -- The HTTPS endpoint must not have any additional authentication checks such as login or multi-factor authentication. +- The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. - The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. - A certificate should not be a public certificate. From dff2610703e38f778819aff3e9a85e24b39ed63e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:04:55 +0530 Subject: [PATCH 17/75] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index e1d8281bb6..21039fb51c 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -59,7 +59,8 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS Endpoints in MEM (Microsoft Endpoint Management), you must follow this format even in the UI: + +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From c798567889191eedab6c0c7fb6895246c7e6dec2 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:05 +0530 Subject: [PATCH 18/75] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 21039fb51c..5c296ad42b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -64,7 +64,7 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. -- The client must trust the server certificate, so the CA cert the HTTPS server cert chains to must be present in the client machines root certificate store. +- The client must trust the server certificate, so the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store. - A certificate should not be a public certificate. From 726dd867bef292d80a0d43eb27b886a9ae0344fc Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 10 Dec 2021 11:05:15 +0530 Subject: [PATCH 19/75] Update windows/client-management/mdm/policy-csp-networklistmanager.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 5c296ad42b..ffd0fbfd0b 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -68,8 +68,6 @@ When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should - A certificate should not be a public certificate. - -
From 77c6b849d4942f7e39442f4b4c5e9d6344afa250 Mon Sep 17 00:00:00 2001 From: msarcletti <56821677+msarcletti@users.noreply.github.com> Date: Fri, 10 Dec 2021 09:01:04 +0100 Subject: [PATCH 20/75] Update windows/client-management/mdm/policy-csp-networklistmanager.md Using this format is not a 'should' but a 'must', otherwise it just doesn't work. --- windows/client-management/mdm/policy-csp-networklistmanager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ffd0fbfd0b..37197c7b20 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -60,7 +60,7 @@ manager: dansimp This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS endpoints in Microsoft Endpoint Manager, you should follow this format, even in the UI: +When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: `````` - The HTTPS endpoint must not have any additional authentication checks, such as login or multifactor authentication. - The HTTPS endpoint must be an internal address not accessible from outside the corporate network. From f1bff3c3f844a5a38a4edf3a043311952986b30b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 10 Dec 2021 20:02:53 +0530 Subject: [PATCH 21/75] added prefessional , enterprise editions as per user feedback #10185, so i added professional and enterprise editions for windows 11 and 11. --- .../credential-guard/credential-guard-requirements.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 095e9ddef9..bcd7516d2d 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -21,10 +21,10 @@ ms.date: 09/30/2020 ## Applies to -- Windows 10 -- Windows 11 -- Windows Server 2016 +- Windows 11 Professional and Enterprise +- Windows 10 Professional and Enterprise - Windows Server 2019 +- Windows Server 2016 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). @@ -155,4 +155,4 @@ The following table lists qualifications for Windows 10, version 1703, which are > > - Do not attempt to directly modify executable system memory > -> - Do not use dynamic code \ No newline at end of file +> - Do not use dynamic code From c17c1baf592811bf5d9b717f191a2ecfd4b29dfd Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 13 Dec 2021 19:56:04 +0500 Subject: [PATCH 22/75] Update update-compliance-using.md --- windows/deployment/update/update-compliance-using.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index d27fd0af96..b79203ce61 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -33,7 +33,7 @@ Update Compliance: - Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities. ## The Update Compliance tile -After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you'll see this tile: +After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you can navigate to your log analytics workspace, then select your Update Compliance deployment in the **Solutions** section and click on **Summary** to see this tile: ![Update Compliance tile no data.](images/UC_tile_assessing.png) @@ -93,4 +93,4 @@ See below for a few topics related to Log Analytics: ## Related topics -[Get started with Update Compliance](update-compliance-get-started.md) \ No newline at end of file +[Get started with Update Compliance](update-compliance-get-started.md) From f0aae708c6bac7417e086a4398f84b14f0d1ec17 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 14 Dec 2021 15:07:31 +0200 Subject: [PATCH 23/75] add info about Accounts_EnableAdministratorAccountStatus https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9927 --- ...policy-csp-localpoliciessecurityoptions.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index e8dc4d3729..22c1583ceb 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -23,6 +23,9 @@ manager: dansimp
LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
+
+ LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus +
LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
@@ -222,6 +225,54 @@ The following list shows the supported values:
+ +**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This setting allows the administrator to enable the local Administrator account. + +Value type is integer. Supported operations are Add, Get, Replace, and Delete. + + + +GP Info: +- GP Friendly name: *Accounts: Enable Administrator Account Status* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + +The following list shows the supported values: + +- 0 - disabled (local Administrator account is disabled). +- 1 - enabled (local Administrator account is enabled). + + + + +
+ **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** From bd21da381f9641535f249286205de7199b2c96cc Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Wed, 15 Dec 2021 18:58:09 -0500 Subject: [PATCH 24/75] Removing Windows 10 Mobile and Windows Phone --- .openpublishing.redirection.json | 62 +- ...onfiguration-service-provider-reference.md | 577 +++++---- .../client-management/mdm/devdetail-csp.md | 6 +- .../mdm/enterpriseappmanagement-csp.md | 535 -------- .../mdm/enterpriseassignedaccess-csp.md | 1116 ----------------- .../mdm/enterpriseassignedaccess-ddf.md | 328 ----- .../mdm/enterpriseassignedaccess-xsd.md | 270 ---- .../mdm/enterprisedataprotection-csp.md | 23 +- .../mdm/enterprisedataprotection-ddf-file.md | 23 - .../mdm/enterpriseext-csp.md | 386 ------ .../mdm/enterpriseext-ddf.md | 320 ----- .../mdm/enterpriseextfilessystem-csp.md | 140 --- .../mdm/enterpriseextfilesystem-ddf.md | 273 ---- .../mdm/enterprisemodernappmanagement-csp.md | 4 +- .../client-management/mdm/filesystem-csp.md | 107 -- .../mdm/healthattestation-csp.md | 2 +- windows/client-management/mdm/hotspot-csp.md | 200 --- ...ent-tool-for-windows-store-for-business.md | 2 +- windows/client-management/mdm/maps-csp.md | 175 --- .../client-management/mdm/maps-ddf-file.md | 125 -- .../client-management/mdm/networkproxy-csp.md | 36 +- .../mdm/oma-dm-protocol-support.md | 2 +- .../mdm/passportforwork-csp.md | 2 +- .../mdm/policy-csp-accounts.md | 6 - .../mdm/policy-csp-browser.md | 30 +- .../mdm/policy-csp-connectivity.md | 4 +- windows/client-management/mdm/toc.yml | 28 - 27 files changed, 382 insertions(+), 4400 deletions(-) delete mode 100644 windows/client-management/mdm/enterpriseappmanagement-csp.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-csp.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-ddf.md delete mode 100644 windows/client-management/mdm/enterpriseassignedaccess-xsd.md delete mode 100644 windows/client-management/mdm/enterpriseext-csp.md delete mode 100644 windows/client-management/mdm/enterpriseext-ddf.md delete mode 100644 windows/client-management/mdm/enterpriseextfilessystem-csp.md delete mode 100644 windows/client-management/mdm/enterpriseextfilesystem-ddf.md delete mode 100644 windows/client-management/mdm/filesystem-csp.md delete mode 100644 windows/client-management/mdm/hotspot-csp.md delete mode 100644 windows/client-management/mdm/maps-csp.md delete mode 100644 windows/client-management/mdm/maps-ddf-file.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1965f039f3..1261e72c0f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,5 +1,65 @@ { "redirections": [ + { + "source_path": "windows/client-management/mdm/maps-ddf-file.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/maps-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/hotspot-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/filesystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseext-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md", "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3", @@ -16411,7 +16471,7 @@ "redirect_document_id": false }, { - "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md", + "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md", "redirect_url": "/microsoft-365/security/defender-endpoint/gov", "redirect_document_id": false }, diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 4790193f0a..36a38d6c45 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -35,9 +35,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -47,9 +47,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -59,9 +59,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -71,9 +71,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -83,9 +83,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -95,9 +95,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -107,9 +107,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -119,9 +119,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -131,9 +131,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -143,9 +143,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -155,9 +155,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -167,9 +167,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -179,9 +179,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -191,9 +191,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -203,9 +203,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -215,9 +215,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -227,9 +227,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -239,9 +239,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -251,9 +251,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -263,9 +263,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -275,9 +275,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -287,9 +287,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -299,9 +299,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -311,9 +311,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -323,9 +323,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -335,9 +335,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -347,9 +347,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -359,9 +359,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -371,9 +371,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -383,9 +383,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -395,9 +395,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -407,9 +407,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -419,9 +419,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -431,9 +431,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -443,9 +443,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -455,9 +455,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -467,9 +467,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -479,9 +479,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -491,9 +491,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes
[Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes
[Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes| @@ -503,9 +503,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -515,10 +515,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| - +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -527,9 +526,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -539,9 +538,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -551,9 +550,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -563,9 +562,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -575,9 +574,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -587,9 +586,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -599,9 +598,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -611,9 +610,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile|Mobile Enterprise| -|--- |--- |--- |--- |--- |--- |--- | -|Yes|Yes|No|Yes|Yes|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|No|Yes|Yes| @@ -622,9 +621,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -634,9 +633,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -646,9 +645,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -658,9 +657,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -670,9 +669,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -682,9 +681,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -694,9 +693,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -706,9 +705,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -718,9 +717,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -730,9 +729,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -742,9 +741,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -754,9 +753,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -766,9 +765,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -778,9 +777,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -790,9 +789,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -802,9 +801,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -814,9 +813,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -826,9 +825,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -838,9 +837,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -850,9 +849,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -862,9 +861,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -874,9 +873,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -886,9 +885,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -898,9 +897,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -910,9 +909,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -922,9 +921,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -934,9 +933,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -946,9 +945,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -958,9 +957,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -970,9 +969,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -982,9 +981,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -994,9 +993,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1006,9 +1005,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1018,9 +1017,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -1030,9 +1029,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1042,9 +1041,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -1054,9 +1053,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1066,9 +1065,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -1078,9 +1077,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1090,9 +1089,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1102,9 +1101,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1114,9 +1113,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1126,9 +1125,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1139,9 +1138,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1151,9 +1150,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -1163,9 +1162,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1175,9 +1174,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 788d14f999..7a1c219d01 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -77,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r Supported operation is Get. **SwV** -Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. +Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge. Supported operation is Get. @@ -114,6 +114,8 @@ Supported operation is Get. This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. + + **Ext/Microsoft/RadioSwV** Required. Returns the radio stack software version number. diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md deleted file mode 100644 index 2b9c043f7c..0000000000 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ /dev/null @@ -1,535 +0,0 @@ ---- -title: EnterpriseAppManagement CSP -description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP). -ms.assetid: 698b8bf4-652e-474b-97e4-381031357623 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# EnterpriseAppManagement CSP - - -The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. - -> [!NOTE] -> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. - - - -The following shows the EnterpriseAppManagement configuration service provider in tree format. - -```console -./Vendor/MSFT -EnterpriseAppManagement -----EnterpriseID ---------EnrollmentToken ---------StoreProductID ---------StoreUri ---------CertificateSearchCriteria ---------Status ---------CRLCheck ---------EnterpriseApps -------------Inventory -----------------ProductID ---------------------Version ---------------------Title ---------------------Publisher ---------------------InstallDate -------------Download -----------------ProductID ---------------------Version ---------------------Name ---------------------URL ---------------------Status ---------------------LastError ---------------------LastErrorDesc ---------------------DownloadInstall -``` - -***EnterpriseID*** -Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications. - -Supported operations are Add, Delete, and Get. - -***EnterpriseID*/EnrollmentToken** -Required. Used to install or update the binary representation of the application enrollment token (AET) and initiate "phone home" token validation. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/StoreProductID** -Required. The node to host the ProductId node. Scope is dynamic. - -Supported operation is Get. - -**/StoreProductID/ProductId** -The character string that contains the ID of the first enterprise application (usually a Company Hub app), which is automatically installed on the device. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/StoreUri** -Optional. The character string that contains the URI of the first enterprise application to be installed on the device. The enrollment client downloads and installs the application from this URI. Scope is dynamic. - -Supported operations are Get and Add. - -***EnterpriseID*/CertificateSearchCriteria** -Optional. The character string that contains the search criteria to search for the DM-enrolled client certificate. The certificate is used for client authentication during enterprise application download. The company's application content server should use the enterprise-enrolled client certificate to authenticate the device. The value must be a URL encoded representation of the X.500 distinguished name of the client certificates Subject property. The X.500 name must conform to the format required by the [CertStrToName](/windows/win32/api/wincrypt/nf-wincrypt-certstrtonamea) function. This search parameter is case sensitive. Scope is dynamic. - -Supported operations are Get and Add. - -> [!NOTE] -> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 - - - -***EnterpriseID*/Status** -Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic. - -Supported operation is Get. - -***EnterpriseID*/CRLCheck** -Optional. Character value that specifies whether the device should do a CRL check when using a certificate to authenticate the server. Valid values are "1" (CRL check required), "0" (CRL check not required). Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -***EnterpriseID*/EnterpriseApps** -Required. The root node to for individual enterprise application related settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/EnterpriseApps/Inventory** -Required. The root node for individual enterprise application inventory settings. Scope is dynamic (this node is automatically created when EnterpriseID is added to the configuration service provider). - -Supported operation is Get. - -**/Inventory/***ProductID* -Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Version** -Required. The character string that contains the current version of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Title** -Required. The character string that contains the name of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/Publisher** -Required. The character string that contains the name of the publisher of the installed enterprise application. Scope is dynamic. - -Supported operation is Get. - -**/Inventory/*ProductID*/InstallDate** -Required. The time (in the character format YYYY-MM-DD-HH:MM:SS) that the application was installed or updated. Scope is dynamic. - -Supported operation is Get. - -**/EnterpriseApps/Download** -Required. This node groups application download-related parameters. The enterprise server can only automatically update currently installed enterprise applications. The end user controls which enterprise applications to download and install. Scope is dynamic. - -Supported operation is Get. - -**/Download/***ProductID* -Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Version** -Optional. The character string that contains version information (set by the caller) for the application currently being downloaded. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Name** -Required. The character string that contains the name of the installed application. Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/URL** -Optional. The character string that contains the URL for the updated version of the installed application. The device will download application updates from this link. Scope is dynamic. - -Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/Status** -Required. The integer value that indicates the status of the current download process. The following table shows the possible values. - -|Value|Description| -|--- |--- | -|0: CONFIRM|Waiting for confirmation from user.| -|1: QUEUED|Waiting for download to start.| -|2: DOWNLOADING|In the process of downloading.| -|3: DOWNLOADED|Waiting for installation to start.| -|4: INSTALLING|Handed off for installation.| -|5: INSTALLED|Successfully installed| -|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)| -|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.| - -Scope is dynamic. Supported operations are Get, Add, and Replace. - -**/Download/*ProductID*/LastError** -Required. The integer value that indicates the HRESULT of the last error code. If there are no errors, the value is 0 (S\_OK). Scope is dynamic. - -Supported operation is Get. - -**/Download/*ProductID*/LastErrorDesc** -Required. The character string that contains the human readable description of the last error code. - -**/Download/*ProductID*/DownloadInstall** -Required. The node to allow the server to trigger the download and installation for an updated version of the user installed application. The format for this node is null. The server must query the device later to determine the status. For each product ID, the status field is retained for up to one week. Scope is dynamic. - -Supported operation is Exec. - -## Remarks - - -### Install and Update Line of Business (LOB) applications - -A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support a variety of file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section. - -### Uninstall Line of Business (LOB) applications - -A workplace can also remotely uninstall Line of Business applications on the device. It is not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that are not installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section - -### Query installed Store application - -You can determine if a Store application is installed on a system. First, you need the Store application GUID. You can get the Store application GUID by going to the URL for the Store application. - -The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db9e. - -Use the following SyncML format to query to see if the application is installed on a managed device: - -```xml - - 1 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - -``` - -Response from the device (it contains list of subnodes if this app is installed in the device). - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7B D5DC1EBB-A7F1-DF11-9264-00237DE2DB9E%7D - - - node - - -Version/Title/Publisher/InstallDate - - -``` - -### Node Values - -All node values under the ProviderID interior node represent the policy values that the management server wants to set. - -- An Add or Replace command on those nodes returns success in both of the following cases: - - - The value is actually applied to the device. - - - The value isn’t applied to the device because the device has a more secure value set already. - -From a security perspective, the device complies with the policy request that is at least as secure as the one requested. - -- A Get command on those nodes returns the value that the server pushes down to the device. - -- If a Replace command fails, the node value is set to be the previous value before Replace command was applied. - -- If an Add command fails, the node is not created. - -The value actually applied to the device can be queried via the nodes under the DeviceValue interior node. - -## OMA DM examples - - -Enroll enterprise ID “4000000001” for the first time: - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertTokenHere - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/CertificateSearchCriteria - - - - chr - - SearchCriteriaInsertedHere - - -``` - -Update the enrollment token (for example, to update an expired application enrollment token): - -```xml - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnrollmentToken - - - chr - - InsertUpdaedTokenHere - - -``` - -Query all installed applications that belong to enterprise id “4000000001”: - -```xml - - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory?list=StructData - - - - -``` - -Response from the device (that contains two installed applications): - -```xml - - 3 - 1 - 2 - - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D - - - - node - - - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - ExamplePublisher - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-30T21:09:52Z - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Version - - - 1.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Title - - - Sample2 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/Publisher - - - Contoso - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB0322158-C3C2-44EB-8A31-D14A9FEC450E%7D/InstallDate - - - 2012-10-31T21:23:31Z - - -``` - -## Install and update an enterprise application - - -Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”. - -To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. - -> [!NOTE] -> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). -> -> - The application product ID curly braces need to be escaped where { is %7B and } is %7D. - - - -```xml - - 2 - - - 3 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Name - - - - chr - - ContosoApp1 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/URL - - - - chr - - http://contoso.com/enterpriseapps/ContosoApp1.xap - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/Version - - - chr - - 2.0.0.0 - - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - 1 - - - - 4 - - - -./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Download/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D/DownloadInstall - - - - int - - 0 - - - -``` - -## Uninstall enterprise application - - -Uninstall an installed enterprise application with product ID “{7BB316008A-141D-4A79-810F-8B764C4CFDFB }”: - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAppManagement/4000000001/EnterpriseApps/Inventory/%7BB316008A-141D-4A79-810F-8B764C4CFDFB%7D - - - - - - -``` - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md deleted file mode 100644 index d13206d6cb..0000000000 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ /dev/null @@ -1,1116 +0,0 @@ ---- -title: EnterpriseAssignedAccess CSP -description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. -ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 07/12/2017 ---- - -# EnterpriseAssignedAccess CSP - - -The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching. - -> [!NOTE] -> The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. - -For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). - -The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. - -```console -./Vendor/MSFT -EnterpriseAssignedAccess -----AssignedAccess ---------AssignedAccessXml -----LockScreenWallpaper ---------BGFileName -----Theme ---------ThemeBackground ---------ThemeAccentColorID ---------ThemeAccentColorValue -----Clock ---------TimeZone -----Locale ---------Language -``` - -The following list shows the characteristics and parameters. - -**./Vendor/MSFT/EnterpriseAssignedAccess/** -The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace. - -**AssignedAccess/** -The parent node of assigned access XML. - -**AssignedAccess/AssignedAccessXml** -The XML code that controls the assigned access settings that will be applied to the device. - -Supported operations are Add, Delete, Get and Replace. - -The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. - -> [!IMPORTANT] -> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. - -When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. - -Entry | Description ------------ | ------------ -ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center. -ActionCenter | Example: `` -ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) -ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` -ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` -StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. -StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` -Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. -Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` -Application | modern app notification -Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically. - -Application example: -```xml - - - Large - - 0 - 2 - - - -``` - -Entry | Description ------------ | ------------ -Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar. - -Application example: -```xml - - - - - Large - - 1 - 4 - - - - - - - Large - - 1 - 6 - - - - -``` - -Entry | Description ------------ | ------------ -Folder | A folder should be contained in `` node among with other `` nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. - -Folder example: -```xml - - - Large - - 0 - 2 - - - -``` -An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder. - -```xml - - - Medium - - 0 - 0 - - 2 - - -``` - -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages. - -
    -
  • System (main menu) - SettingsPageGroupPCSystem -
      -
    • Display - SettingsPageDisplay
      • -
    • Notifications & actions - SettingsPageAppsNotifications
      • -
    • Phone - SettingsPageCalls
      • -
    • Messaging - SettingsPageMessaging
      • -
    • Battery saver - SettingsPageBatterySaver
      • -
    • Storage - SettingsPageStorageSenseStorageOverview
      • -
    • Driving mode - SettingsPageDrivingMode
      • -
    • Offline maps - SettingsPageMaps
      • -
    • About - SettingsPagePCSystemInfo
      • -
    • Apps for websites - SettingsPageAppsForWebsites
      • -
    • -
  • Devices (main menu) - SettingsPageGroupDevices -
      -
    • Default camera - SettingsPagePhotos
      • -
    • Bluetooth - SettingsPagePCSystemBluetooth
      • -
    • NFC - SettingsPagePhoneNFC
      • -
    • Mouse - SettingsPageMouseTouchpad
      • -
    • USB - SettingsPageUsb
      • -
    • -
  • Network and wireless (main menu) - SettingsPageGroupNetwork -
      -
    • Cellular and SIM - SettingsPageNetworkCellular
      • -
    • Wi-Fi - SettingsPageNetworkWiFi
      • -
    • Airplane mode - SettingsPageNetworkAirplaneMode
      • -
    • Data usage - SettingsPageDataSenseOverview
      • -
    • Mobile hotspot - SettingsPageNetworkMobileHotspot
      • -
    • VPN - SettingsPageNetworkVPN
      • -
    • -
    • -
  • Personalization (main menu) - SettingsPageGroupPersonalization -
      -
    • Start - SettingsPageBackGround
      • -
    • Colors - SettingsPageColors
      • -
    • Sounds - SettingsPageSounds
      • -
    • Lock screen - SettingsPageLockscreen
      • -
    • Glance - SettingsPageGlance
      • -
    • Navigation bar - SettingsNavigationBar
      • -
    • -
  • Accounts (main menu) - SettingsPageGroupAccounts -
      -
    • Your account - SettingsPageAccountsPicture
      • -
    • Sign-in options - SettingsPageAccountsSignInOptions
      • -
    • Work access - SettingsPageWorkAccess
      • -
    • Sync your settings - SettingsPageAccountsSync
      • -
    • Apps corner* - SettingsPageAppsCorner
      • -
    • Email - SettingsPageAccountsEmailApp
      • -
    • -
  • Time and language (main menu) - SettingsPageGroupTimeRegion -
      -
    • Date and time - SettingsPageTimeRegionDateTime
      • -
    • Language - SettingsPageTimeLanguage
      • -
    • Region - SettingsPageRegion
      • -
    • Keyboard - SettingsPageKeyboard
      • -
    • Speech - SettingsPageSpeech
      • -
    • -
  • Ease of access (main menu) - SettingsPageGroupEaseOfAccess -
      -
    • Narrator - SettingsPageEaseOfAccessNarrator
      • -
    • Magnifier - SettingsPageEaseOfAccessMagnifier
      • -
    • High contrast - SettingsPageEaseOfAccessHighContrast
      • -
    • Closed captions - SettingsPageEaseOfAccessClosedCaptioning
      • -
    • More options - SettingsPageEaseOfAccessMoreOptions
      • -
    • -
  • Privacy (main menu) - SettingsPageGroupPrivacy -
      -
    • Location - SettingsPagePrivacyLocation
      • -
    • Camera - SettingsPagePrivacyWebcam
      • -
    • Microphone - SettingsPagePrivacyMicrophone
      • -
    • Motion - SettingsPagePrivacyMotionData
      • -
    • Speech inking and typing - SettingsPagePrivacyPersonalization
      • -
    • Account info - SettingsPagePrivacyAccountInfo
      • -
    • Contacts - SettingsPagePrivacyContacts
      • -
    • Calendar - SettingsPagePrivacyCalendar
      • -
    • Messaging - SettingsPagePrivacyMessaging
      • -
    • Radios - SettingsPagePrivacyRadios
      • -
    • Background apps - SettingsPagePrivacyBackgroundApps
      • -
    • Accessory apps - SettingsPageAccessories
      • -
    • Advertising ID - SettingsPagePrivacyAdvertisingId
      • -
    • Other devices - SettingsPagePrivacyCustomPeripherals
      • -
    • Feedback & diagnostics - SettingsPagePrivacySIUFSettings
      • -
    • Call history - SettingsPagePrivacyCallHistory
      • -
    • Email - SettingsPagePrivacyEmail
      • -
    • Phone call - SettingsPagePrivacyPhoneCall
      • -
    • Notifications - SettingsPagePrivacyNotifications
      • -
    • CDP - SettingsPagePrivacyCDP
      • -
    • -
  • Update and Security (main menu) - SettingsPageGroupRestore -
      -
    • Phone update - SettingsPageRestoreMusUpdate
      • -
    • Backup - SettingsPageRestoreOneBackup
      • -
    • Find my phone - SettingsPageFindMyDevice
      • -
    • For developers - SettingsPageSystemDeveloperOptions
      • -
    • Windows Insider Program - SettingsPageFlights
      • -
    • Device encryption - SettingsPageGroupPCSystemDeviceEncryption
      • -
    • -
  • OEM (main menu) - SettingsPageGroupExtensibility -
      -
    • Extensibility - SettingsPageExtensibility
      • -
    • -
- -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. - -For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page. - -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -**Quick action settings** - -Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). - -> [!NOTE] -> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. - -
    -

  • SystemSettings_System_Display_QuickAction_Brightness

    -

    Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

    • -

  • SystemSettings_System_Display_Internal_Rotation

    -

    Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

    • -

  • SystemSettings_QuickAction_WiFi

    -

    Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkWiFi

    • -

  • SystemSettings_QuickAction_InternetSharing

    -

    Dependencies - SettingsPageGroupNetwork, SettingsPageInternetSharing

    • -

  • SystemSettings_QuickAction_CellularData

    -

    Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkCellular

    • -

  • SystemSettings_QuickAction_AirplaneMode

    -

    Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkAirplaneMode

    • -

  • SystemSettings_Privacy_LocationEnabledUserPhone

    -

    Dependencies - SettingsGroupPrivacyLocationGlobals, SettingsPagePrivacyLocation

    • -

  • SystemSettings_Network_VPN_QuickAction

    -

    Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkVPN

    • -

  • SystemSettings_Launcher_QuickNote

    -

    Dependencies - none

    • -

  • SystemSettings_Flashlight_Toggle

    -

    Dependencies - none

    • -

  • SystemSettings_Device_BluetoothQuickAction

    -

    Dependencies - SettingsPageGroupDevices, SettingsPagePCSystemBluetooth

    • -

  • SystemSettings_BatterySaver_LandingPage_OverrideControl

    -

    Dependencies - BatterySaver_LandingPage_SettingsConfiguration, SettingsPageBatterySaver

    • -

  • QuickActions_Launcher_DeviceDiscovery

    -

    Dependencies - none

    • -

  • QuickActions_Launcher_AllSettings

    -

    Dependencies - none

    • -

  • SystemSettings_QuickAction_QuietHours

    -

    Dependencies - none

    • -

  • SystemSettings_QuickAction_Camera

    -

    Dependencies - none

    • -
- -Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list: -- QuickActions_Launcher_AllSettings -- QuickActions_Launcher_DeviceDiscovery -- SystemSettings_BatterySaver_LandingPage_OverrideControl -- SystemSettings_Device_BluetoothQuickAction -- SystemSettings_Flashlight_Toggle -- SystemSettings_Launcher_QuickNote -- SystemSettings_Network_VPN_QuickAction -- SystemSettings_Privacy_LocationEnabledUserPhone -- SystemSettings_QuickAction_AirplaneMode -- SystemSettings_QuickAction_Camera -- SystemSettings_QuickAction_CellularData -- SystemSettings_QuickAction_InternetSharing -- SystemSettings_QuickAction_QuietHours -- SystemSettings_QuickAction_WiFi -- SystemSettings_System_Display_Internal_Rotation -- SystemSettings_System_Display_QuickAction_Brightness - - -In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. - -```xml - - -``` - -In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. - -```xml - - - - - - - - - - - - -``` -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -Entry | Description ------------ | ------------ -Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen. - -
    -

  • Start

    -

  • Back

    • -

  • Search

    • -

  • Camera

    • -

  • Custom1

    • -

  • Custom2

    • -

  • Custom3

    • -
- -> [!NOTE] -> Lock down of the Start button only prevents the press and hold event. -> -> Custom buttons are hardware buttons that can be added to devices by OEMs. - -Buttons example: -```xml - - - - - - - - - -``` -The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. - -> [!NOTE] -> The lockdown settings for a button, per user role, will apply regardless of the button mapping. -> -> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. - -To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. - -```xml - - - -``` -**Disabling navigation buttons** -To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press"). - -The following section contains a sample lockdown XML file that shows how to disable navigation buttons. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. - -> [!IMPORTANT] -> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. - -MenuItems example: - -```xml - - - -``` - -Entry | Description ------------ | ------------ -Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - -> [!IMPORTANT] -> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. - -The following sample file contains configuration for enabling tile manipulation. - -> [!NOTE] -> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role. - - -**LockscreenWallpaper/** -The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace. - -**LockscreenWallpaper/BGFileName** -The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper. - -Supported operations are Add, Get, and Replace. - -**Theme/** -The parent node of theme-related parameters. - -Supported operations are Add, Delete, Get and Replace. - -**Theme/ThemeBackground** -Indicates whether the background color is light or dark. Set to **0** for light; set to **1** for dark. - -Supported operations are Get and Replace. - -**Theme/ThemeAccentColorID** -The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values. - -|Value|Description| -|--- |--- | -|0|Lime| -|1|Green| -|2|Emerald| -|3|Teal (Viridian)| -|4|Cyan (Blue)| -|5|Cobalt| -|6|Indigo| -|7|Violet (Purple)| -|8|Pink| -|9|Magenta| -|10|Crimson| -|11|Red| -|12|Orange (Mango)| -|13|Amber| -|14|Yellow| -|15|Brown| -|16|Olive| -|17|Steel| -|18|Mauve| -|19|Sienna| -|101 through 104|Optional colors, as defined by the OEM| -|151|Custom accent color for Enterprise| - -Supported operations are Get and Replace. - -**Theme/ThemeAccentColorValue** -A 6-character string for the accent color to apply to controls and other visual elements. - -To use a custom accent color for Enterprise, enter **151** for *ThemeAccentColorID* before *ThemeAccentColorValue* in lockdown XML. *ThemeAccentColorValue* configures the custom accent color using hex values for red, green, and blue, in RRGGBB format. For example, enter FF0000 for red. - -Supported operations are Get and Replace. - -**PersistData** -Not supported in Windows 10. - -The parent node of whether to persist data that has been provisioned on the device. - -**PersistData/PersistProvisionedData** -Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CSP](remotewipe-csp.md) instead. - -**Clock/TimeZone/** -An integer that specifies the time zone of the device. The following table shows the possible values. - -Supported operations are Get and Replace. - -|Value|Time zone| -|--- |--- | -|0|UTC-12 International Date Line West| -|100|UTC+13 Samoa| -|110|UTC-11 Coordinated Universal Time-11| -|200|UTC-10 Hawaii| -|300|UTC-09 Alaska| -|400|UTC-08 Pacific Time (US & Canada)| -|410|UTC-08 Baja California| -|500|UTC-07 Mountain Time (US & Canada)| -|510|UTC-07 Chihuahua, La Paz, Mazatlan| -|520|UTC-07 Arizona| -|600|UTC-06 Saskatchewan| -|610|UTC-06 Central America| -|620|UTC-06 Central Time (US & Canada)| -|630|UTC-06 Guadalajara, Mexico City, Monterrey| -|700|UTC-05 Eastern Time (US & Canada)| -|710|UTC-05 Bogota, Lima, Quito| -|720|UTC-05 Indiana (East)| -|800|UTC-04 Atlantic Time (Canada)| -|810|UTC-04 Cuiaba| -|820|UTC-04 Santiago| -|830|UTC-04 Georgetown, La Paz, Manaus, San Juan| -|840|UTC-04 Caracas| -|850|UTC-04 Asuncion| -|900|UTC-03:30 Newfoundland| -|910|UTC-03 Brasilia| -|920|UTC-03 Greenland| -|930|UTC-03 Montevideo| -|940|UTC-03 Cayenne, Fortaleza| -|950|UTC-03 Buenos Aires| -|960|UTC-03 Salvador| -|1000|UTC-02 Mid-Atlantic| -|1010|UTC-02 Coordinated Universal Time-02| -|1100|UTC-01 Azores| -|1110|UTC-01 Cabo Verde| -|1200|UTC Dublin, Edinburgh, Lisbon, London| -|1210|UTC Monrovia, Reykjavik| -|1220|UTC Casablanca| -|1230|UTC Coordinated Universal Time| -|1300|UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague| -|1310|UTC+01 Sarajevo, Skopje, Warsaw, Zagreb| -|1320|UTC+01 Brussels, Copenhagen, Madrid, Paris| -|1330|UTC+01 West Central Africa| -|1340|UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna| -|1350|UTC+01 Windhoek| -|1360|UTC+01 Tripoli| -|1400|UTC+02 E. Europe| -|1410|UTC+02 Cairo| -|1420|UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius| -|1430|UTC+02 Athens, Bucharest| -|1440|UTC+02 Jerusalem| -|1450|UTC+02 Amman| -|1460|UTC+02 Beirut| -|1470|UTC+02 Harare, Pretoria| -|1480|UTC+02 Damascus| -|1490|UTC+02 Istanbul| -|1500|UTC+03 Kuwait, Riyadh| -|1510|UTC+03 Baghdad| -|1520|UTC+03 Nairobi| -|1530|UTC+03 Kaliningrad, Minsk| -|1540|UTC+04 Moscow, St. Petersburg, Volgograd| -|1550|UTC+03 Tehran| -|1600|UTC+04 Abu Dhabi, Muscat| -|1610|UTC+04 Baku| -|1620|UTC+04 Yerevan| -|1630|UTC+04 Kabul| -|1640|UTC+04 Tbilisi| -|1650|UTC+04 Port Louis| -|1700|UTC+06 Ekaterinburg| -|1710|UTC+05 Tashkent| -|1720|UTC+05 Chennai, Kolkata, Mumbai, New Delhi| -|1730|UTC+05 Sri Jayawardenepura| -|1740|UTC+05 Kathmandu| -|1750|UTC+05 Islamabad, Karachi| -|1800|UTC+06 Astana| -|1810|UTC+07 Novosibirsk| -|1820|UTC+06 Yangon (Rangoon)| -|1830|UTC+06 Dhaka| -|1900|UTC+08 Krasnoyarsk| -|1910|UTC+07 Bangkok, Hanoi, Jakarta| -|1900|UTC+08 Krasnoyarsk| -|2000|UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi| -|2010|UTC+09 Irkutsk| -|2020|UTC+08 Kuala Lumpur, Singapore| -|2030|UTC+08 Taipei| -|2040|UTC+08 Perth| -|2050|UTC+08 Ulaanbaatar| -|2100|UTC+09 Seoul| -|2110|UTC+09 Osaka, Sapporo, Tokyo| -|2120|UTC+10 Yakutsk| -|2130|UTC+09 Darwin| -|2140|UTC+09 Adelaide| -|2200|UTC+10 Canberra, Melbourne, Sydney| -|2210|UTC+10 Brisbane| -|2220|UTC+10 Hobart| -|2230|UTC+11 Vladivostok| -|2240|UTC+10 Guam, Port Moresby| -|2300|UTC+11 Solomon Is., New Caledonia| -|2310|UTC+12 Magadan| -|2400|UTC+12 Fiji| -|2410|UTC+12 Auckland, Wellington| -|2420|UTC+12 Petropavlovsk-Kamchatsky| -|2430|UTC+12 Coordinated Universal Time +12| -|2500|UTC+13 Nuku'alofa| - -**Locale/Language/** -The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c). - -The language setting is configured in the Default User profile only. - -> [!NOTE] -> Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required. - -Supported operations are Get and Replace. - -## OMA client provisioning examples - - -The XML examples in this section show how to perform various tasks by using OMA client provisioning. - -> [!NOTE] -> These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. - - - -### Assigned Access settings - -The following example shows how to add a new policy. - -```xml - - - - "/> - - - -``` - -### Language - -The following example shows how to specify the language to display on the device. - -```xml - - - - - - -``` - -## OMA DM examples - - -These XML examples show how to perform various tasks using OMA DM. - -### Assigned access settings - -The following example shows how to lock down a device. - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml - -