deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into privacy-update-vb

Browse Source
This commit is contained in:
Daniel H. Brown 2023-02-22 13:23:06 -08:00
commit 021b30d2f4
781 changed files with 5223 additions and 5475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
.openpublishing.redirection.json
View File

@ -20514,6 +20514,86 @@
"source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md",
"redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies",
"redirect_document_id": true
},
{
"source_path": "windows/client-management/mdm/policy-ddf-file.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
"redirect_document_id": true
},
{
"source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
"redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
"redirect_document_id": true
},
{
"source_path": "windows/security/information-protection/tpm/change-the-tpm-owner-password.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/get-support-for-security-baselines.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/tpm/manage-tpm-commands.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/tpm/manage-tpm-lockout.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
{
"source_path": "windows/whats-new/windows-10-insider-preview.md",
"redirect_url": "/windows/whats-new",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
}
]
}

3
browsers/edge/docfx.json
View File

@ -28,6 +28,9 @@
],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.technology": "microsoft-edge",

1
browsers/edge/microsoft-edge-faq.yml
View File

@ -2,6 +2,7 @@
metadata:
title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros
ms.reviewer:
ms.date: 12/14/2020
audience: itpro
manager: dansimp
description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.

4
browsers/enterprise-mode/enterprise-mode.md
View File

@ -11,7 +11,7 @@ ms.reviewer:
manager: dansimp
title: Enterprise Mode for Microsoft Edge
ms.sitesec: library
ms.date: ''
ms.date: 07/17/2018
---
# Enterprise Mode for Microsoft Edge
@ -55,5 +55,3 @@ You can build and manage your Enterprise Mode Site List is by using any generic
### Add multiple sites to the site list

3
browsers/enterprise-mode/turn-on-enterprise-mode-and-use-a-site-list.md
View File

@ -1,3 +1,6 @@
---
ms.date: 07/17/2018
---
Before you can use a site list with Enterprise Mode, you must turn the functionality on and set up the system for centralized control. By allowing
centralized control, you can create one global list of websites that render using Enterprise Mode. Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list if found, with a different version number than the active list, IE11 loads and uses the newer version. After the initial check, IE11 wont look for an updated list again until you restart the browser.

3
browsers/enterprise-mode/what-is-enterprise-mode-include.md
View File

@ -1,3 +1,6 @@
---
ms.date: 07/17/2018
---
## What is Enterprise Mode?
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.

3
browsers/internet-explorer/docfx.json
View File

@ -24,6 +24,9 @@
],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier3"
],
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
"ms.topic": "article",

1
browsers/internet-explorer/ie11-deploy-guide/index.md
View File

@ -9,6 +9,7 @@ title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Expl
ms.sitesec: library
ms.localizationpriority: medium
manager: dansimp
ms.date: 02/24/2016
---

6
browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
View File

@ -6,6 +6,7 @@ author: dansimp
ms.prod: ie11
ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
ms.reviewer:
ms.date: 03/15/2016
audience: itpro
manager: dansimp
ms.author: dansimp
@ -60,8 +61,3 @@ You can also click **Select All** to add, or **Clear All** to remove, all of the
 
 

1
browsers/internet-explorer/ie11-ieak/index.md
View File

@ -9,6 +9,7 @@ title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
ms.sitesec: library
ms.localizationpriority: medium
manager: dansimp
ms.date: 03/15/2016
---

10
browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
View File

@ -1,16 +1,12 @@
---
author: aczechowski
ms.author: aaroncz
ms.date: 12/16/2022
ms.date: 02/14/2023
ms.reviewer: cathask
manager: aaroncz
ms.prod: ie11
ms.topic: include
---
> [!WARNING]
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application is scheduled to be permanently disabled through a Microsoft Edge update on certain versions of Windows 10 on February 14, 2023.
>
> We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization does not experience business disruption.
>
> For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).
> [!CAUTION]
> **Update:** The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see [Internet Explorer 11 desktop app retirement FAQ](https://aka.ms/iemodefaq).

5
education/docfx.json
View File

@ -29,7 +29,10 @@
"globalMetadata": {
"recommendations": true,
"ms.topic": "article",
"ms.collection": "education",
"ms.collection": [
"education",
"tier2"
],
"ms.prod": "windows-client",
"ms.technology": "itpro-edu",
"author": "paolomatarazzo",

3
education/includes/education-content-updates.md
View File

@ -1,3 +1,6 @@
---
ms.date: 10/24/2020
---
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->

2
education/index.yml
View File

@ -45,7 +45,7 @@ productDirectory:
text: Azure information protection deployment acceleration guide
- url: /defender-cloud-apps/get-started
text: Microsoft Defender for Cloud Apps
- url: /microsoft-365/compliance/create-test-tune-dlp-policy
- url: /microsoft-365/compliance/information-protection#prevent-data-loss
text: Data loss prevention
- url: /microsoft-365/compliance/
text: Microsoft Purview compliance

1
education/windows/autopilot-reset.md
View File

@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection:
- highpri
- tier2
- education
---

3
education/windows/change-home-to-edu.md
View File

@ -7,6 +7,9 @@ author: scottbreenmsft
ms.author: scbree
ms.reviewer: paoloma
manager: jeffbu
ms.collection:
- tier3
- education
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
---

3
education/windows/change-to-pro-education.md
View File

@ -7,6 +7,7 @@ appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
ms.collection:
- highpri
- tier2
- education
---
@ -147,7 +148,7 @@ Existing Azure AD domain joined devices will be changed to Windows 10 Pro Educat
### For new devices that are not Azure AD joined
Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
#### Step 1: Join users devices to Azure AD
#### Step 1: Join users' devices to Azure AD
Users can join a device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1607 or higher, version 1703.

4
education/windows/configure-aad-google-trust.md
View File

@ -1,7 +1,7 @@
---
title: Configure federation between Google Workspace and Azure AD
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
ms.date: 01/17/2023
ms.date: 02/10/2023
ms.topic: how-to
---
@ -42,7 +42,7 @@ To test federation, the following prerequisites must be met:
1. On the *Service provider details* page
- Select the option **Signed response**
- Verify that the Name ID format is set to **PERSISTENT**
- Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping. For more information, see (article to write).\
- Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\
If using Google auto-provisioning, select **Basic Information > Primary email**
- Select **Continue**
1. On the *Attribute mapping* page, map the Google attributes to the Azure AD attributes

1
education/windows/edu-stickers.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Configure Stickers for Windows 11 SE

4
education/windows/federated-sign-in.md
View File

@ -5,6 +5,10 @@ ms.date: 01/12/2023
ms.topic: how-to
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- highpri
- tier1
- education
---
<!-- MAXADO-6286399 -->

1
education/windows/get-minecraft-for-education.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Get Minecraft: Education Edition

BIN
education/windows/images/suspcs/2023-02-16_13-02-37.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 221 KiB

7
education/windows/school-get-minecraft.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# For IT administrators - get Minecraft: Education Edition
@ -34,7 +35,7 @@ If you turn off this setting after students have been using Minecraft: Education
Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies).
If youve been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
If you've been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
### <a href="" id="individual-copies"></a>Minecraft: Education Edition - direct purchase
@ -48,7 +49,7 @@ If youve been approved and are part of the Enrollment for Education Solutions
5. Select the quantity of licenses you would like to purchase and select **Place Order**.
6. After youve purchased licenses, youll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
6. After you've purchased licenses, you'll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses).
@ -57,7 +58,7 @@ If you need additional licenses for **Minecraft: Education Edition**, see [Buy o
Qualified education institutions can purchase Minecraft: Education Edition licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions (EES) volume licensing program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this:
- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the licenses will be available in your [Microsoft Store for Education](https://www.microsoft.com/business-store) inventory.
- Youll receive an email with a link to Microsoft Store for Education.
- You'll receive an email with a link to Microsoft Store for Education.
- Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
## Minecraft: Education Edition payment options

1
education/windows/teacher-get-minecraft.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# For teachers - get Minecraft: Education Edition

1
education/windows/test-windows10s-for-edu.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier2
---
# Test Windows 10 in S mode on existing Windows 10 education devices

10
education/windows/windows-11-se-overview.md
View File

@ -8,6 +8,7 @@ appliesto:
ms.collection:
- highpri
- education
- tier1
---
# Windows 11 SE Overview
@ -93,6 +94,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Class Policy` | 114.0.0 | Win32 | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` |
| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | Win32 | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` |
| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` |
@ -104,7 +107,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` |
| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` |
| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` |
| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` |
| `Google Chrome` | 109.0.5414.75 | Win32 | `Google` |
| `GuideConnect` | 1.23 | Win32 | `Dolphin Computer Access` |
| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` |
| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` |
@ -137,10 +141,10 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` |
| `Safe Exam Browser` | 3.4.1.505 | Win32 | `Safe Exam Browser` |
| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` |
| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` |
| `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` |
| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` |
| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development`
|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` |
| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.23 | Win32 | `Mathetmots` |

3
education/windows/windows-11-se-settings-list.md
View File

@ -5,6 +5,9 @@ ms.topic: article
ms.date: 09/12/2022
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- education
- tier1
---
# Windows 11 SE for Education settings list

3
store-for-business/docfx.json
View File

@ -32,6 +32,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
"ms.author": "trudyha",
"audience": "ITPro",

3
store-for-business/includes/store-for-business-content-updates.md
View File

@ -1,3 +1,6 @@
---
ms.date: 10/31/2020
---
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->

3
windows/application-management/docfx.json
View File

@ -35,6 +35,9 @@
"globalMetadata": {
"recommendations": true,
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"ms.collection": [
"tier2"
],
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-apps",
"ms.topic": "article",

210
windows/application-management/system-apps-windows-client-os.md
View File

@ -43,314 +43,314 @@ The following information lists the system apps on some Windows Enterprise OS ve
- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- InputApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Hello setup UI | Package name: Microsoft.BioEnrollment
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.CredDialogHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.ECApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.LockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft Edge | Package name: Microsoft.MicrosoftEdge
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.MicrosoftEdgeDevToolsClient
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.PPIProjection
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.Win32WebViewHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.Apprep.ChxApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.AssignedAccessLockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CapturePicker
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CloudExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ContentDeliveryManager
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Cortana | Package name: Microsoft.Windows.Cortana
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | | | ✔️ |
---
- Microsoft.Windows.OOBENetworkCaptivePort
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.OOBENetworkConnectionFlow
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ParentalControls
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.PinningConfirmationDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecHealthUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecureAssessmentBrowser
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Start | Package name: Microsoft.Windows.ShellExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.XboxGameCallableUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Windows.CBSPreview
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Settings | Package name: Windows.immersivecontrolpanel
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---
- Print 3D | Package name: Windows.Print3D
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ✔️ | | | ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ✔️ | ✔️ | | | ✔️ |
---
- Print UI | Package name: Windows.PrintDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
| --- | --- | --- | --- | --- | --- |
| | ❌ | ❌ | ✔️ | ✔️| ✔️ |
---

4
windows/client-management/administrative-tools-in-windows-10.md
View File

@ -8,7 +8,9 @@ manager: aaroncz
ms.localizationpriority: medium
ms.date: 03/28/2022
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---

4
windows/client-management/azure-active-directory-integration-with-mdm.md
View File

@ -8,7 +8,9 @@ ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---

8
windows/client-management/change-history-for-mdm-documentation.md
View File

@ -185,7 +185,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:<li>Browser/AllowFullScreenMode<li>Browser/AllowPrelaunch<li>Browser/AllowPrinting<li>Browser/AllowSavingHistory<li>Browser/AllowSideloadingOfExtensions<li>Browser/AllowTabPreloading<li>Browser/AllowWebContentOnNewTabPage<li>Browser/ConfigureFavoritesBar<li>Browser/ConfigureHomeButton<li>Browser/ConfigureKioskMode<li>Browser/ConfigureKioskResetAfterIdleTimeout<li>Browser/ConfigureOpenMicrosoftEdgeWith<li>Browser/ConfigureTelemetryForMicrosoft365Analytics<li>Browser/PreventCertErrorOverrides<li>Browser/SetHomeButtonURL<li>Browser/SetNewTabPageURL<li>Browser/UnlockHomeButton<li>Experience/DoNotSyncBrowserSettings<li>Experience/PreventUsersFromTurningOnBrowserSyncing<li>Kerberos/UPNNameHints<li>Privacy/AllowCrossDeviceClipboard<li>Privacy<li>DisablePrivacyExperience<li>Privacy/UploadUserActivities<li>System/AllowDeviceNameInDiagnosticData<li>System/ConfigureMicrosoft365UploadEndpoint<li>System/DisableDeviceDelete<li>System/DisableDiagnosticDataViewer<li>Storage/RemovableDiskDenyWriteAccess<li>Update/UpdateNotificationLevel<br/><br/>Start/DisableContextMenus - added in Windows 10, version 1803.<br/><br/>RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
## July 2018
@ -217,7 +217,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|New or updated article|Description|
|--- |--- |
|[Policy DDF file](mdm/policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
## April 2018
@ -281,7 +281,7 @@ As of November 2020 This page will no longer be updated. This article lists new
| New or updated article | Description |
| --- | --- |
| [Policy DDF file](mdm/policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy DDF file](mdm/configuration-service-provider-ddf.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:<br/><br/>- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` <br/>- Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
@ -313,5 +313,5 @@ As of November 2020 This page will no longer be updated. This article lists new
|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:<li>Installation/CurrentStatus|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.<li>Changed some data types from integer to bool.<li>Updated the list of supported operations for some settings.<li>Added default values.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:<li>Browser/ProvisionFavorites<li>Browser/LockdownFavorites<li>ExploitGuard/ExploitProtectionSettings<li>Games/AllowAdvancedGamingServices<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations<li>Privacy/EnableActivityFeed<li>Privacy/PublishUserActivities<li>Update/DisableDualScan<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork<br/><br/>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.<br/><br/>Changed the names of the following policies:<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess<br/><br/>Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).<br/><br/>There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts<li>Start/HideAppList|

4
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -9,7 +9,9 @@ ms.date: 01/18/2022
ms.reviewer:
manager: aaroncz
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---

4
windows/client-management/device-update-management.md
View File

@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/15/2017
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile device management (MDM) for device updates

4
windows/client-management/diagnose-mdm-failures-in-windows-10.md
View File

@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/25/2018
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Diagnose MDM failures in Windows 10

3
windows/client-management/docfx.json
View File

@ -34,6 +34,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-manage",

4
windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -9,7 +9,9 @@ author: vinaypamnani-msft
ms.date: 04/30/2022
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Enroll a Windows 10 device automatically using Group Policy

1
windows/client-management/index.yml
View File

@ -11,6 +11,7 @@ metadata:
ms.technology: itpro-manage
ms.collection:
- highpri
- tier1
author: aczechowski
ms.author: aaroncz
manager: dougeby

4
windows/client-management/mandatory-user-profile.md
View File

@ -8,7 +8,9 @@ ms.date: 09/14/2021
ms.reviewer:
manager: aaroncz
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-manage
---

4
windows/client-management/mdm-enrollment-of-windows-devices.md
View File

@ -11,7 +11,9 @@ ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---

4
windows/client-management/mdm-overview.md
View File

@ -9,7 +9,9 @@ ms.localizationpriority: medium
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile Device Management overview

583
windows/client-management/mdm/configuration-service-provider-ddf.md
View File

@ -9,14 +9,578 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Configuration service provider DDF files
This topic shows the OMA DM device description framework (DDF) for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
This article lists the OMA DM device description framework (DDF) files for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files for various CSPs from the links below:
As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
- [DDF v2 Files, December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
## DDF v2 schema
DDF v2 XML schema definition is listed below along with the schema definition for the referenced `MSFT` namespace.
- Schema definition for DDF v2:
```xml
<?xml version="1.0" encoding="Windows-1252"?>
<xs:schema xmlns="http://tempuri.org/DM_DDF-V1_2" elementFormDefault="qualified" targetNamespace="http://tempuri.org/DM_DDF-V1_2"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<xs:import schemaLocation="DDFv2Msft.xsd" namespace="http://schemas.microsoft.com/MobileDevice/DM" />
<xs:element name="MgmtTree">
<xs:annotation>
<xs:documentation>Starting point for DDF</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="VerDTD" />
<xs:element minOccurs="1" ref="MSFT:Diagnostics" />
<xs:element minOccurs="1" maxOccurs="unbounded" ref="Node" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="VerDTD" type="xs:string" />
<xs:element name="Node">
<xs:annotation>
<xs:documentation>Main Recurring XML tag describing nodes of the CSP</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="NodeName" />
<xs:element minOccurs="0" maxOccurs="1" ref="Path" />
<xs:element minOccurs="1" maxOccurs="1" ref="DFProperties" />
<xs:choice>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="Node" />
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="NodeName" type="xs:anyURI" />
<xs:element name="Path" type="xs:anyURI" />
<xs:element name="MIME" type="xs:string" />
<xs:element name="DDFName" type="xs:string" />
<xs:element name="DFProperties">
<xs:complexType>
<xs:sequence>
<xs:element ref="AccessType" />
<xs:element minOccurs="0" maxOccurs="1" ref="DefaultValue" />
<xs:element minOccurs="0" maxOccurs="1" ref="Description" />
<xs:element ref="DFFormat" />
<xs:element minOccurs="0" maxOccurs="1" ref="Occurrence" />
<xs:element minOccurs="0" maxOccurs="1" ref="Scope" />
<xs:element minOccurs="0" maxOccurs="1" ref="DFTitle" />
<xs:element ref="DFType" />
<xs:element minOccurs="0" maxOccurs="1" ref="CaseSense" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Applicability" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DynamicNodeNaming" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AllowedValues" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ReplaceBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:RebootBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:GpMapping" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:CommonErrorResults" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Deprecated" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DependencyBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ConflictResolution" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AtomicRequired" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AccessType">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="Add" />
<xs:element minOccurs="0" maxOccurs="1" name="Copy" />
<xs:element minOccurs="0" maxOccurs="1" name="Delete" />
<xs:element minOccurs="0" maxOccurs="1" name="Exec" />
<xs:element minOccurs="0" maxOccurs="1" name="Get" />
<xs:element minOccurs="0" maxOccurs="1" name="Replace" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="DefaultValue" type="xs:string" />
<xs:element name="Description" type="xs:string" />
<xs:element name="DFFormat">
<xs:complexType>
<xs:choice>
<xs:element name="b64" />
<xs:element name="bin" />
<xs:element name="bool" />
<xs:element name="chr" />
<xs:element name="int" />
<xs:element name="node" />
<xs:element name="null" />
<xs:element name="xml" />
<xs:element name="date" />
<xs:element name="time" />
<xs:element name="float" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Occurrence">
<xs:complexType>
<xs:choice>
<xs:element name="One" />
<xs:element name="ZeroOrOne" />
<xs:element name="ZeroOrMore" />
<xs:element name="OneOrMore" />
<xs:element name="ZeroOrN" type="xs:integer" />
<xs:element name="OneOrN" type="xs:integer" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Scope">
<xs:complexType>
<xs:choice>
<xs:element name="Permanent" />
<xs:element name="Dynamic" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="DFTitle" type="xs:string" />
<xs:element name="DFType">
<xs:complexType>
<xs:choice>
<xs:element minOccurs="1" maxOccurs="unbounded" ref="MIME" />
<xs:element ref="DDFName" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="CaseSense">
<xs:complexType>
<xs:choice>
<xs:element name="CS" />
<xs:element name="CIS" />
</xs:choice>
</xs:complexType>
</xs:element>
</xs:schema>
```
- Schema definition for the `MSFT` namespace:
```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema elementFormDefault="qualified" xmlns="http://schemas.microsoft.com/MobileDevice/DM" targetNamespace="http://schemas.microsoft.com/MobileDevice/DM" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="Diagnostics" type="xs:string">
<xs:annotation>
<xs:documentation>This node contains an XML blob that can be used as an argument to the DiagnosticsLogCSP to pull diagnostics for a feature.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Deprecated">
<xs:annotation>
<xs:documentation>This node marks that a feature is deprecated. If included, OsBuildDeprecated gives the OS Build version that the node is no longer recommended to be set.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="OsBuildDeprecated" type="xs:string" />
</xs:complexType>
</xs:element>
<xs:element name="DynamicNodeNaming">
<xs:annotation>
<xs:documentation>This node contains information on how to dynamically name the node such that the name is valid.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:element name="ServerGeneratedUniqueIdentifier">
<xs:annotation>
<xs:documentation>This indicates that the server should generate a unique identifier for the node.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ClientInventory">
<xs:annotation>
<xs:documentation>This indicates that the client will generate the name of the node based on the device state (such as inventorying apps).</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="UniqueName" type="xs:string">
<xs:annotation>
<xs:documentation>This indicates that the server should name the node, and the value listed gives a regex to define what is allowed.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="ConflictResolution" default="NoMerge">
<xs:simpleType>
<xs:annotation>
<xs:documentation>The type of the conflict resolution.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="NoMerge">
<xs:annotation>
<xs:documentation>No policy merge.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecure">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecure">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastWrite">
<xs:annotation>
<xs:documentation>The last written value is current value</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="Applicability">
<xs:annotation>
<xs:documentation>These tags indicate what are required on the device for the node to be applicable to configured. These tags can be inherited by children nodes.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="OsBuildVersion" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the first build that a feature is released to. If the feature was backported, multiple OS versions will be listed, such that the OS build version without a minor number is the first "major release."</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="CspVersion" type="xs:decimal">
<xs:annotation>
<xs:documentation>This tag describes the lowest CSP Version that the node was released to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="EditionAllowList" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the list of Edition IDs that the features is allowed on. 0x88* refers to Windows Holographic for Business.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="RequiresAzureAd">
<xs:annotation>
<xs:documentation>This tag indicates that the node requires the device to be Azure Active Directory Joined to be applicable.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AllowedValues">
<xs:annotation>
<xs:documentation>These tags describe what values are allowed to be set for this particular node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:attributeGroup name="AllowedValuesAttributeGroup">
<xs:attribute name="ValueType" use="required">
<xs:annotation>
<xs:documentation>This attribute describes what kind of Allowed Values tag this is.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="XSD">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains an XSD for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="RegEx">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains a RegEx for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ADMX">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by an external ADMX file.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="JSON">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by a JSON schema.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ENUM">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are an enumeration.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Flag">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values can be combined into a bitwise flag.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Range">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a numerical range.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="SDDL">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a string in the SDDL format.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>This attribute indicates there is no data-driven way to define the allowed values of the node. This potentially means that all string values are valid values.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:group name="AllowedValuesGroup">
<xs:sequence>
<xs:group minOccurs="0" maxOccurs="1" ref="AllowedValueGroupedNodes" />
<xs:element minOccurs="0" maxOccurs="1" name="List">
<xs:annotation>
<xs:documentation>This tag indicates that the node input can contain multiple, delimited values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Delimiter" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the delimeter used for the list of values.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="ValueAndDescriptionGroup">
<xs:sequence>
<xs:element name="Value" type="xs:string">
<xs:annotation>
<xs:documentation>This tag indicates an allowed value.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="ValueDescription" type="xs:string">
<xs:annotation>
<xs:documentation>This tag gives further description to an allowed value, such as for an enumeration.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="AllowedValueGroupedNodes">
<xs:choice>
<xs:element ref="Enum" maxOccurs="unbounded" />
<xs:group ref="ValueAndDescriptionGroup" />
<xs:element ref="AdmxBacked" />
</xs:choice>
</xs:group>
<xs:element name="Enum">
<xs:annotation>
<xs:documentation>This tag gives details for one particular enumeration of the allowed values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:group ref="ValueAndDescriptionGroup" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AdmxBacked">
<xs:annotation>
<xs:documentation>This tag indicates the relevent details for the corresponding ADMX policy for this node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Area" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the area path of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the name of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="File" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the filename for the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="ReplaceBehavior" default="Replace">
<xs:annotation>
<xs:documentation>This tag details the replace behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="Append">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the value is appending to the existing node data.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Replace">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the existing node data is removed before new data is added.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RebootBehavior" default="None">
<xs:annotation>
<xs:documentation>This tag describes the reboot behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>No reboot is required for this node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Automatic">
<xs:annotation>
<xs:documentation>This node will automatically perform a reboot to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ServerInitiated">
<xs:annotation>
<xs:documentation>This node needs a reboot initiated from an external source to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="GpMapping">
<xs:annotation>
<xs:documentation>This tag details the information necessary to map this node to an existing group policy.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="GpEnglishName" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the English name of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpAreaPath" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the area path of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpElement" type="xs:string">
<xs:annotation>
<xs:documentation>This attribute details a particular element of a GP that the CSP node maps to.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="CommonErrorResults">
<xs:annotation>
<xs:documentation>This tag lists out common error HRESULTS reported by the CSP and English text to associate with them.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="CommonErrorOne" type="xs:string" />
<xs:element name="CommonErrorTwo" type="xs:string" />
<xs:element name="CommonErrorThree" type="xs:string" />
<xs:element name="CommonErrorFour" type="xs:string" />
<xs:element name="CommonErrorFive" type="xs:string" />
<xs:element name="CommonErrorSix" type="xs:string" />
<xs:element name="CommonErrorSeven" type="xs:string" />
<xs:element name="CommonErrorEight" type="xs:string" />
<xs:element name="CommonErrorNine" type="xs:string" />
<xs:element name="CommonErrorTen" type="xs:string" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AtomicRequired">
<xs:annotation>
<xs:documentation>This tag indicates that this node and all children nodes should be enclosed by an Atomic tag when being sent to the client.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="DependencyBehavior">
<xs:annotation>
<xs:documentation>These tags detail potential dependencies that the current CSP node has on other nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="DependencyGroup" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Dependency">
<xs:annotation>
<xs:documentation>This tag describes a dependency that the current CSP node has on another nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="DependencyUri" type="xs:anyURI">
<xs:annotation>
<xs:documentation>The URI that the current CSP node has a dependency on.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref="DependencyAllowedValue" />
</xs:sequence>
<xs:attribute name="Type" use="required">
<xs:annotation>
<xs:documentation>This tag details the kind of dependency.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="DependsOn">
<xs:annotation>
<xs:documentation>The current node depends on the dependency holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Not">
<xs:annotation>
<xs:documentation>The current node depends on the dependency not holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyGroup">
<xs:annotation>
<xs:documentation>This tag details one specific dependency. A node might have multiple different dependencies.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" ref="DependencyChangedAllowedValues" />
<xs:element ref="Dependency" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="FriendlyId" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives a friendly ID to the dependency, to differentiate it from other dependencies.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyAllowedValue">
<xs:annotation>
<xs:documentation>This tag details the values that the dependency must be set to for the dependency to be satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:element name="DependencyChangedAllowedValues">
<xs:annotation>
<xs:documentation>This tag details a change to the current node's allowed values if the dependency is satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
</xs:schema>
```
## Older DDF files
You can download the older DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
@ -26,4 +590,15 @@ You can download the DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
You can download DDF file for Policy CSP from [Policy DDF file](policy-ddf-file.md).
You can download the older Policy area DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)

4
windows/client-management/mdm/configuration-service-provider-support.md
View File

@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Configuration service provider support

4
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -9,7 +9,9 @@ author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# DynamicManagement CSP

3
windows/client-management/mdm/index.yml
View File

@ -11,6 +11,7 @@ metadata:
ms.prod: windows-client
ms.collection:
- highpri
- tier1
ms.custom: intro-hub-or-landing
author: vinaypamnani-msft
ms.author: vinpa
@ -47,7 +48,7 @@ landingContent:
- text: Policy CSP
url: policy-configuration-service-provider.md
- text: Policy DDF file
url: policy-ddf-file.md
url: configuration-service-provider-ddf.md
- text: Policy CSP - Start
url: policy-csp-start.md
- text: Policy CSP - Update

3
windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/30/2023
ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -814,6 +814,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md)
- [SetEDURestart](policy-csp-update.md)
- [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md)
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md)
- [SetDisableUXWUAccess](policy-csp-update.md)
- [SetDisablePauseUXAccess](policy-csp-update.md)
- [UpdateNotificationLevel](policy-csp-update.md)

4
windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
View File

@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -4538,7 +4538,7 @@ The first several links will also be pinned to the Start menu. A total of four l
<!-- TryHarderPinnedOpenSearch-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, <https://www.example.com/results.aspx?q=>{searchTerms}).
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, `https://www.example.com/results.aspx?q={searchTerms}`).
You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.

34
windows/client-management/mdm/policy-csp-audit.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -343,7 +343,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-Begin -->
<!-- Description-Source-DDF -->
This policy allows you to audit the group memberhsip information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group memberhsip information cannot fit in a single security audit event.
This policy allows you to audit the group membership information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. When this setting is configured, one or more security audit events are generated for each successful logon. You must also enable the Audit Logon setting under Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff. Multiple events are generated if the group membership information cannot fit in a single security audit event.
<!-- AccountLogonLogoff_AuditGroupMembership-Description-End -->
<!-- AccountLogonLogoff_AuditGroupMembership-Editable-Begin -->
@ -836,7 +836,7 @@ Volume: Low.
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see article 947223 in the Microsoft Knowledge Base (<https://go.microsoft.com/fwlink/?LinkId=121697)>.
This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](<https://go.microsoft.com/fwlink/?LinkId=121697>).
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-End -->
<!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin -->
@ -1083,7 +1083,7 @@ Volume: Low.
<!-- AccountManagement_AuditDistributionGroupManagement-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to distribution groups such as the following Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy setting, an audit event is generated when an attempt to change a distribution group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a distribution group changes
- If you do not configure this policy setting, no audit event is generated when a distribution group changes.
> [!NOTE]
> Events in this subcategory are logged only on domain controllers.
@ -1120,7 +1120,7 @@ Volume: Low.
| Name | Value |
|:--|:--|
| Name | Audit Distributio Group Management |
| Name | Audit Distribution Group Management |
| Path | Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Account Management |
<!-- AccountManagement_AuditDistributionGroupManagement-GpMapping-End -->
@ -1332,7 +1332,7 @@ Volume: Low.
<!-- DetailedTracking_AuditDPAPIActivity-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see <https://go.microsoft.com/fwlink/?LinkId=121720>. If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see [How to Use Data Protection](/dotnet/standard/security/how-to-use-data-protection). If you configure this policy setting, an audit event is generated when an encryption or decryption request is made to DPAPI. Success audits record successful requests and Failure audits record unsuccessful requests.
- If you do not configure this policy setting, no audit event is generated when an encryption or decryption request is made to DPAPI.
<!-- DetailedTracking_AuditDPAPIActivity-Description-End -->
@ -1825,7 +1825,7 @@ Volume: High on domain controllers. None on client computers.
<!-- DSAccess_AuditDirectoryServiceChanges-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the object's properties. Events in this subcategory are logged only on domain controllers, and only objects in AD DS with a matching system access control list (SACL) are logged.
> [!NOTE]
> Actions on some objects and properties do not cause audit events to be generated due to settings on the object class in the schema. If you configure this policy setting, an audit event is generated when an attempt to change an object in AD DS is made. Success audits record successful attempts, however unsuccessful attempts are NOT recorded.
@ -2135,7 +2135,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
<!-- ObjectAccess_AuditDetailedFileShare-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access. If you configure this policy setting, an audit event is generated when an attempt is made to access a file or folder on a share. The administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE]
> There are no system access control lists (SACLs) for shared folders.
@ -2201,7 +2201,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileShare-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder.
- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures
- If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
> [!NOTE]
> There are no system access control lists (SACLs) for shared folders.
@ -2267,7 +2267,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
<!-- ObjectAccess_AuditFileSystem-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the request match the settings in the SACL. For more information about enabling object access auditing, see <https//go.microsoft.com/fwlink/?LinkId=122083>. If you configure this policy setting, an audit event is generated each time an account accesses a file system object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL
- If you do not configure this policy setting, no audit event is generated when an account accesses a file system object with a matching SACL.
> [!NOTE]
> You can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
@ -2455,7 +2455,7 @@ Volume: High.
<!-- ObjectAccess_AuditHandleManipulation-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when a handle is manipulated
- If you do not configure this policy setting, no audit event is generated when a handle is manipulated.
> [!NOTE]
> Events in this subcategory generate events only for object types where the corresponding Object Access subcategory is enabled. For example, if File system object access is enabled, handle manipulation security audit events are generated. If Registry object access is not enabled, handle manipulation security audit events will not be generated.
@ -2519,7 +2519,7 @@ Volume: Depends on how SACLs are configured.
<!-- ObjectAccess_AuditKernelObject-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events.
> [!NOTE]
> The Audit Audit the access of global system objects policy setting controls the default SACL of kernel objects.
@ -2645,7 +2645,7 @@ Volume: Low.
<!-- ObjectAccess_AuditRegistry-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. If you configure this policy setting, an audit event is generated each time an account accesses a registry object with a matching SACL. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL
- If you do not configure this policy setting, no audit event is generated when an account accesses a registry object with a matching SACL.
> [!NOTE]
> You can set a SACL on a registry object using the Permissions dialog box.
@ -2771,10 +2771,10 @@ This policy setting allows you to audit user attempts to access file system obje
<!-- ObjectAccess_AuditSAM-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. SAM_SERVER - A computer account. If you configure this policy setting, an audit event is generated when an attempt to access a kernel object is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made
- If you do not configure this policy setting, no audit event is generated when an attempt to access a kernel object is made.
> [!NOTE]
> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see article 841001 in the Microsoft Knowledge Base (<https//go.microsoft.com/fwlink/?LinkId=121698)>.
> Only the System Access Control List (SACL) for SAM_SERVER can be modified. Volume High on domain controllers. For information about reducing the amount of events generated in this subcategory, see [article 841001 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121698).
<!-- ObjectAccess_AuditSAM-Description-End -->
<!-- ObjectAccess_AuditSAM-Editable-Begin -->
@ -2836,7 +2836,7 @@ Volume: High on domain controllers. For more information about reducing the numb
<!-- PolicyChange_AuditAuthenticationPolicyChange-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit events generated by changes to the authentication policy such as the following Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy. Granting of any of the following user rights to a user or group Access This Computer From the Network. Allow Logon Locally. Allow Logon Through Terminal Services. Logon as a Batch Job. Logon a Service. Namespace collision. For example, when a new trust has the same name as an existing namespace name. If you configure this policy setting, an audit event is generated when an attempt to change the authentication policy is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed
- If you do not configure this policy setting, no audit event is generated when the authentication policy is changed.
> [!NOTE]
> The security audit event is logged when the group policy is applied. It does not occur at the time when the settings are modified.
@ -3147,7 +3147,7 @@ Volume: Low.
<!-- PolicyChange_AuditPolicyChange-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list
This policy setting allows you to audit changes in the security audit policy settings such as the following Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security event sources. Changes to the per-user audit settings. Changes to the value of CrashOnAuditFail. Changes to the system access control list on a file system or registry object. Changes to the Special Groups list.
> [!NOTE]
> System access control list (SACL) change auditing is done when a SACL for an object changes and the policy change category is enabled. Discretionary access control list (DACL) and ownership changes are audited when object access auditing is enabled and the object's SACL is configured for auditing of DACL/Owner change.

2
windows/client-management/mdm/policy-csp-browser.md
View File

@ -3248,7 +3248,7 @@ Related Documents:
- [Find a package family name (PFN) for per-app VPN](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
- [Assign apps to groups with Microsoft Intune](/mem/intune/apps-deploy)
- [Assign apps to groups with Microsoft Intune](/mem/intune/apps/apps-deploy)
- [Manage apps from the Microsoft Store for Business and Education with Configuration Manager](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
<!-- PreventTurningOffRequiredExtensions-Editable-End -->

2
windows/client-management/mdm/policy-csp-controlpolicyconflict.md
View File

@ -58,7 +58,7 @@ This ensures that:
- The current Policy Manager policies are refreshed from what MDM has set
- Any values set by scripts/user outside of GP that conflict with MDM are removed
The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the policies with equivalent GP:
The [Policy DDF](configuration-service-provider-ddf.md) contains the following tags to identify the policies with equivalent GP:
- \<MSFT:ADMXBacked\>
- \<MSFT:ADMXMapped\>

8
windows/client-management/mdm/policy-csp-defender.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/09/2023
ms.date: 02/10/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -1164,7 +1164,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated
<!-- CloudBlockLevel-Description-Begin -->
<!-- Description-Source-DDF -->
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. For more information about specific values that are supported, see [Specify the cloud protection level](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus).
> [!NOTE]
> This feature requires the Join Microsoft MAPS setting enabled in order to function.
@ -1232,7 +1232,7 @@ This policy setting determines how aggressive Windows Defender Antivirus will be
<!-- CloudExtendedTimeout-Description-Begin -->
<!-- Description-Source-DDF -->
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
> [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- Configure the 'Block at First Sight' feature; Join Microsoft MAPS; Send file samples when further analysis is required.
@ -1980,7 +1980,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
<!-- ExcludedProcesses-Description-Begin -->
<!-- Description-Source-DDF -->
Allows an administrator to specify a list of files opened by processes to ignore during a scan
Allows an administrator to specify a list of files opened by processes to ignore during a scan.
> [!IMPORTANT]
> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C\Example. exe|C\Example1.exe.

2
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -19,7 +19,7 @@ ms.topic: reference
<!-- LocalPoliciesSecurityOptions-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md).
> To find data formats (and other policy-related details), see [Policy DDF file](./configuration-service-provider-ddf.md).
<!-- LocalPoliciesSecurityOptions-Editable-End -->
<!-- Accounts_BlockMicrosoftAccounts-Begin -->

2
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -150,7 +150,7 @@ Descriptions of the properties:
**Policy timeline**:
The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup dec>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup desc>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
The following table describes how this policy setting behaves in different Windows 10 versions:

83
windows/client-management/mdm/policy-csp-update.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/18/2023
ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -16,6 +16,9 @@ ms.topic: reference
<!-- Update-Begin -->
# Policy CSP - Update
> [!IMPORTANT]
> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
<!-- Update-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Update-Editable-End -->
@ -23,6 +26,7 @@ ms.topic: reference
Update CSP policies are listed below based on the group policy area:
- [Windows Insider Preview](#windows-insider-preview)
- [AllowTemporaryEnterpriseFeatureControl](#allowtemporaryenterprisefeaturecontrol)
- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
- [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
@ -103,6 +107,75 @@ Update CSP policies are listed below based on the group policy area:
## Windows Insider Preview
<!-- AllowTemporaryEnterpriseFeatureControl-Begin -->
### AllowTemporaryEnterpriseFeatureControl
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Update/AllowTemporaryEnterpriseFeatureControl
```
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Description-Begin -->
<!-- Description-Source-ADMX -->
Features introduced via servicing (outside of the annual feature update) are off by default for devices that have their Windows updates managed*.
- If this policy is configured to "Enabled", then all features available in the latest monthly quality update installed will be on.
- If this policy is set to "Not Configured" or "Disabled" then features that are shipped via a monthly quality update (servicing) will remain off until the feature update that includes these features is installed.
*Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS).
<!-- AllowTemporaryEnterpriseFeatureControl-Description-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Not allowed. |
| 1 | Allowed. |
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | AllowTemporaryEnterpriseFeatureControl |
| Friendly Name | Enable features introduced via servicing that are off by default |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
| Registry Value Name | AllowTemporaryEnterpriseFeatureControl |
| ADMX File Name | WindowsUpdate.admx |
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-End -->
<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
### ConfigureDeadlineNoAutoRebootForFeatureUpdates
@ -2589,7 +2662,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
<!-- ScheduledInstallDay-Description-Begin -->
<!-- Description-Source-DDF -->
Enables the IT admin to schedule the day of the update installation. The data type is a integer.
Enables the IT admin to schedule the day of the update installation. The data type is an integer.
<!-- ScheduledInstallDay-Description-End -->
<!-- ScheduledInstallDay-Editable-Begin -->
@ -2660,7 +2733,7 @@ Enables the IT admin to schedule the day of the update installation. The data ty
<!-- ScheduledInstallEveryWeek-Description-Begin -->
<!-- Description-Source-DDF -->
Enables the IT admin to schedule the update installation on the every week. Value type is integer.
Enables the IT admin to schedule the update installation every week. Value type is integer.
<!-- ScheduledInstallEveryWeek-Description-End -->
<!-- ScheduledInstallEveryWeek-Editable-Begin -->
@ -2985,7 +3058,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- ScheduledInstallTime-Description-Begin -->
<!-- Description-Source-DDF -->
the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
the IT admin to schedule the time of the update installation. The data type is an integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
<!-- ScheduledInstallTime-Description-End -->
<!-- ScheduledInstallTime-Editable-Begin -->
@ -3044,7 +3117,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- SetDisablePauseUXAccess-Description-Begin -->
<!-- Description-Source-ADMX -->
This setting allows to remove access to "Pause updates" feature.
This setting allows removing access to "Pause updates" feature.
Once enabled user access to pause updates is removed.
<!-- SetDisablePauseUXAccess-Description-End -->

32
windows/client-management/mdm/policy-ddf-file.md
View File

@ -1,32 +0,0 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
---
# Policy DDF file
This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can view various Policy DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-ddf.md).

2
windows/client-management/mdm/toc.yml
View File

@ -34,7 +34,7 @@ items:
href: policy-configuration-service-provider.md
items:
- name: Policy CSP DDF file
href: policy-ddf-file.md
href: configuration-service-provider-ddf.md
- name: Policy CSP support scenarios
items:
- name: ADMX policies in Policy CSP

2
windows/client-management/mdm/uefi-csp.md
View File

@ -31,7 +31,7 @@ The UEFI Configuration Service Provider (CSP) interfaces to UEFI's Device Firmwa
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
> [!NOTE]
> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
> The production UEFI CSP is present in 1809, but it depends upon the [Device Firmware Configuration Interface (DFCI) and UEFI firmware](https://microsoft.github.io/mu/dyn/mu_feature_dfci/DfciPkg/Docs/Dfci_Feature/) to comply with this interface.
The following shows the UEFI CSP in tree format.
```

44
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -40,6 +40,7 @@ WindowsAdvancedThreatProtection
----Configuration
--------SampleSharing
--------TelemetryReportingFrequency
--------AadDdeviceId
----Offboarding
----DeviceTagging
--------Group
@ -48,34 +49,34 @@ WindowsAdvancedThreatProtection
The following list describes the characteristics and parameters.
<a href="" id="--device-vendor-msft-windowsadvancedthreatprotection"></a>**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
**./Device/Vendor/MSFT/WindowsAdvancedThreatProtection**
The root node for the Windows Defender Advanced Threat Protection configuration service provider.
Supported operation is Get.
<a href="" id="onboarding"></a>**Onboarding**
**Onboarding**
Sets Windows Defender Advanced Threat Protection Onboarding blob and initiates onboarding to Windows Defender Advanced Threat Protection.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="healthstate"></a>**HealthState**
**HealthState**
Node that represents the Windows Defender Advanced Threat Protection health state.
<a href="" id="healthstate-lastconnected"></a>**HealthState/LastConnected**
**HealthState/LastConnected**
Contains the timestamp of the last successful connection.
Supported operation is Get.
<a href="" id="healthstate-senseisrunning"></a>**HealthState/SenseIsRunning**
**HealthState/SenseIsRunning**
Boolean value that identifies the Windows Defender Advanced Threat Protection Sense running state.
The default value is false.
Supported operation is Get.
<a href="" id="healthstate-onboardingstate"></a>**HealthState/OnboardingState**
**HealthState/OnboardingState**
Represents the onboarding state.
Supported operation is Get.
@ -85,15 +86,15 @@ The following list shows the supported values:
- 0 (default) Not onboarded
- 1 Onboarded
<a href="" id="healthstate-orgid"></a>**HealthState/OrgId**
**HealthState/OrgId**
String that represents the OrgID.
Supported operation is Get.
<a href="" id="configuration"></a>**Configuration**
**Configuration**
Represents Windows Defender Advanced Threat Protection configuration.
<a href="" id="configuration-samplesharing"></a>**Configuration/SampleSharing**
**Configuration/SampleSharing**
Returns or sets the Windows Defender Advanced Threat Protection Sample Sharing configuration parameter.
The following list shows the supported values:
@ -103,7 +104,7 @@ The following list shows the supported values:
Supported operations are Get and Replace.
<a href="" id="configuration-telemetryreportingfrequency"></a>**Configuration/TelemetryReportingFrequency**
**Configuration/TelemetryReportingFrequency**
Added in Windows 10, version 1703. Returns or sets the Windows Defender Advanced Threat Protection diagnostic data reporting frequency.
The following list shows the supported values:
@ -113,26 +114,31 @@ The following list shows the supported values:
Supported operations are Get and Replace.
<a href="" id="offboarding"></a>**Offboarding**
**Configuration/AadDeviceId**
Returns or sets the Intune's reported known AadDeviceId for the machine
Supported operations are Get and Replace.
**Offboarding**
Sets the Windows Defender Advanced Threat Protection Offboarding blob and initiates offboarding to Windows Defender Advanced Threat Protection.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="devicetagging"></a>**DeviceTagging**
**DeviceTagging**
Added in Windows 10, version 1709. Represents Windows Defender Advanced Threat Protection configuration for managing role based access and device tagging.
Supported operation is Get.
<a href="" id="group"></a>**DeviceTagging/Group**
**DeviceTagging/Group**
Added in Windows 10, version 1709. Device group identifiers.
The data type is a string.
Supported operations are Get and Replace.
<a href="" id="criticality"></a>**DeviceTagging/Criticality**
**DeviceTagging/Criticality**
Added in Windows 10, version 1709. Asset criticality value. Supported values:
- 0 - Normal
@ -217,6 +223,16 @@ Supported operations are Get and Replace.
</Target>
</Item>
</Get>
<Get>
<CmdID>7</CmdID>
<Item>
<Target>
<LocURI>
./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/AadDeviceId
</LocURI>
</Target>
</Item>
</Get>
<Get>
<CmdID>11</CmdID>
<Item>

4
windows/client-management/mobile-device-enrollment.md
View File

@ -9,7 +9,9 @@ ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/11/2017
ms.collection: highpri
ms.collection:
- highpri
- tier2
---
# Mobile device enrollment

4
windows/client-management/quick-assist.md
View File

@ -9,7 +9,9 @@ author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.reviewer: pmadrigal
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.date: 08/26/2022
---

10
windows/configuration/configure-windows-10-taskbar.md
View File

@ -1,10 +1,7 @@
---
title: Configure Windows 10 taskbar (Windows 10)
title: Configure Windows 10 taskbar
description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
keywords: [taskbar layout, pin apps]
ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000
ms.author: lizlong
ms.topic: article
@ -12,9 +9,12 @@ ms.localizationpriority: medium
ms.date: 01/18/2018
ms.reviewer:
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
---
# Configure Windows 10 taskbar
Starting in Windows 10, version 1607, administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a `<TaskbarLayout>` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar.

1
windows/configuration/cortana-at-work/cortana-at-work-feedback.md
View File

@ -2,6 +2,7 @@
title: Send feedback about Cortana at work back to Microsoft
description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-o365.md
View File

@ -2,6 +2,7 @@
title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
ms.prod: windows-client
ms.collection: tier3
ms.mktglfcycl: manage
ms.sitesec: library
author: aczechowski

1
windows/configuration/cortana-at-work/cortana-at-work-overview.md
View File

@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
View File

@ -2,6 +2,7 @@
title: Configure Cortana with Group Policy and MDM settings (Windows)
description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
View File

@ -2,6 +2,7 @@
title: Sign into Azure AD, enable the wake word, and try a voice query
description: A test scenario walking you through signing in and managing the notebook.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
View File

@ -2,6 +2,7 @@
title: Perform a quick search with Cortana at work (Windows)
description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
View File

@ -2,6 +2,7 @@
title: Set a reminder for a location with Cortana at work (Windows)
description: A test scenario about how to set a location-based reminder using Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
View File

@ -2,6 +2,7 @@
title: Use Cortana at work to find your upcoming meetings (Windows)
description: A test scenario on how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
View File

@ -2,6 +2,7 @@
title: Review a reminder suggested by Cortana (Windows)
description: A test scenario on how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
View File

@ -2,6 +2,7 @@
title: Help protect data with Cortana and WIP (Windows)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
View File

@ -2,6 +2,7 @@
title: Cortana at work testing scenarios
description: Suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
View File

@ -2,6 +2,7 @@
title: Set up and test custom voice commands in Cortana for your organization (Windows)
description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
View File

@ -4,6 +4,7 @@ ms.reviewer:
manager: dougeby
description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-1.md
View File

@ -2,6 +2,7 @@
title: Test scenario 1 Sign in with your work or school account and use Cortana to manage the notebook
description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-2.md
View File

@ -2,6 +2,7 @@
title: Test scenario 2 - Perform a quick search with Cortana at work
description: A test scenario about how to perform a quick search with Cortana at work.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-3.md
View File

@ -2,6 +2,7 @@
title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
description: A test scenario about how to set up, review, and edit a reminder based on a location.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-4.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to find your upcoming meetings at work (Windows)
description: A test scenario about how to use Cortana at work to find your upcoming meetings.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-5.md
View File

@ -2,6 +2,7 @@
title: Use Cortana to send an email to co-worker (Windows)
description: A test scenario on how to use Cortana at work to send email to a co-worker.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/test-scenario-6.md
View File

@ -2,6 +2,7 @@
title: Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

1
windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
View File

@ -2,6 +2,7 @@
title: Testing scenarios using Cortana in your business or organization
description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

19
windows/configuration/customize-and-export-start-layout.md
View File

@ -1,5 +1,5 @@
---
title: Customize and export Start layout (Windows 10)
title: Customize and export Start layout
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
ms.reviewer:
manager: aaroncz
@ -9,20 +9,21 @@ ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/18/2018
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
---
# Customize and export Start layout
**Applies to**
- Windows 10
- Windows 10
>**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
After you export the layout, decide whether you want to apply a *full* Start layout or a *partial* Start layout.
@ -31,7 +32,7 @@ When a full Start layout is applied, the users cannot pin, unpin, or uninstall a
When [a partial Start layout](#configure-a-partial-start-layout) is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.
>[!NOTE]
>Partial Start layout is only supported on Windows 10, version 1511 and later.
>Partial Start layout is only supported on Windows 10, version 1511 and later.
@ -49,7 +50,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
**To prepare a test computer**
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users' computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display.
2. Create a new user account that you will use to customize the Start layout.
@ -63,7 +64,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
To view all apps, click **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start.
- **Unpin apps** that you dont want to display. To unpin an app, right-click the app, and then click **Unpin from Start**.
- **Unpin apps** that you don't want to display. To unpin an app, right-click the app, and then click **Unpin from Start**.
- **Drag tiles** on Start to reorder or group apps.
@ -89,7 +90,7 @@ When you have the Start layout that you want your users to see, use the [Export-
2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command:
`Export-StartLayout path <path><file name>.xml`
`Export-StartLayout -path <path><file name>.xml`
On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:

4
windows/configuration/customize-start-menu-layout-windows-11.md
View File

@ -7,7 +7,9 @@ ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: windows-client
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 01/10/2023
ms.topic: article

6
windows/configuration/customize-taskbar-windows-11.md
View File

@ -1,5 +1,5 @@
---
title: Configure and customize Windows 11 taskbar | Microsoft Docs
title: Configure and customize Windows 11 taskbar
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded.
manager: aaroncz
ms.author: lizlong
@ -7,7 +7,9 @@ ms.reviewer: chataylo
ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 12/31/2017
ms.topic: article

6
windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
View File

@ -1,5 +1,5 @@
---
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
title: Customize Windows 10 Start and taskbar with group policy
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
ms.reviewer:
manager: aaroncz
@ -8,7 +8,9 @@ author: lizgt2000
ms.localizationpriority: medium
ms.author: lizlong
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

3
windows/configuration/docfx.json
View File

@ -34,6 +34,9 @@
"externalReference": [],
"globalMetadata": {
"recommendations": true,
"ms.collection": [
"tier2"
],
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "itpro-configure",

13
windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
View File

@ -8,7 +8,9 @@ ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.prod: windows-client
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---
@ -41,7 +43,7 @@ foreach ($app in $installedapps)
$aumidList
```
You can add the user &lt;username&gt; or the allusers parameters to the get-AppxPackage cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the user or allusers parameters.
You can add the `-user <username>` or the `-allusers` parameters to the **Get-AppxPackage** cmdlet to list AUMIDs for other users. You must use an elevated Windows PowerShell prompt to use the `-user` or -`allusers` parameters.
## To find the AUMID by using File Explorer
@ -63,7 +65,7 @@ At a command prompt, type the following command:
`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"`
## Example
### Example to get AUMIDs of the installed apps for the specified user
The following code sample creates a function in Windows PowerShell that returns an array of AUMIDs of the installed apps for the specified user.
@ -105,14 +107,14 @@ The following Windows PowerShell commands demonstrate how you can call the listA
# Get a list of AUMIDs for the current account:
listAumids
# Get a list of AUMIDs for an account named “CustomerAccount”:
# Get a list of AUMIDs for an account named "CustomerAccount":
listAumids("CustomerAccount")
# Get a list of AUMIDs for all accounts on the device:
listAumids("allusers")
```
## Example
### Example to get the AUMID of any application in the Start menu
The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
@ -148,4 +150,3 @@ Get-AppAUMID -AppName Word
# List all apps and their AUMID in the Start menu
Get-AppAUMID
```

13
windows/configuration/guidelines-for-assigned-access-app.md
View File

@ -1,17 +1,16 @@
---
title: Guidelines for choosing an app for assigned access (Windows 10/11)
title: Guidelines for choosing an app for assigned access
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
keywords: [kiosk, lockdown, assigned access]
ms.prod: windows-client
ms.mktglfcycl: manage
ms.sitesec: library
author: lizgt2000
ms.localizationpriority: medium
ms.author: lizlong
ms.topic: article
ms.reviewer: sybruckm
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---
@ -50,7 +49,7 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but arent allowed to go to a competitor's website.
In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website.
>[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
@ -155,7 +154,7 @@ You can create your own web browser Windows app by using the WebView class. Lear
## Secure your information
Avoid selecting Windows apps that may expose the information you dont want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
## App configuration

3
windows/configuration/index.yml
View File

@ -1,7 +1,7 @@
### YamlMime:Landing
title: Configure Windows client # < 60 chars
summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
metadata:
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
@ -10,6 +10,7 @@ metadata:
ms.prod: windows-client
ms.collection:
- highpri
- tier1
author: aczechowski
ms.author: aaroncz
manager: dougeby

8
windows/configuration/kiosk-single-app.md
View File

@ -1,6 +1,6 @@
---
title: Set up a single-app kiosk on Windows 10/11
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
title: Set up a single-app kiosk on Windows
description: A single-use device is easy to set up in Windows Pro, Enterprise, and Education editions.
ms.reviewer: sybruckm
manager: aaroncz
ms.author: lizlong
@ -8,7 +8,9 @@ ms.prod: windows-client
author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
ms.collection:
- highpri
- tier1
ms.technology: itpro-configure
ms.date: 12/31/2017
---

12
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -9,7 +9,9 @@ manager: aaroncz
ms.reviewer: sybruckm
ms.localizationpriority: medium
ms.topic: how-to
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.date: 12/31/2017
---
@ -247,7 +249,7 @@ A few things to note here:
- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration.
- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout.
- There are no apps pinned on the taskbar in the multi-app mode, and it's not supported to configure Taskbar layout using the `<CustomTaskbarLayoutCollection>` tag in a layout modification XML as part of the assigned access configuration.
- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesnt have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
- The following example uses `DesktopApplicationLinkPath` to pin the desktop app to start. When the desktop app doesn't have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files).
The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start:
@ -284,7 +286,7 @@ The following example pins Groove Music, Movies & TV, Photos, Weather, Calculato
##### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you dont attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
The following example exposes the taskbar to the end user:
@ -607,7 +609,7 @@ Lock the Taskbar | Enabled
Prevent users from adding or removing toolbars | Enabled
Prevent users from resizing the taskbar | Enabled
Remove frequent programs list from the Start Menu | Enabled
Remove Map Network Drive and Disconnect Network Drive | Enabled
Remove 'Map Network Drive' and 'Disconnect Network Drive' | Enabled
Remove the Security and Maintenance icon | Enabled
Turn off all balloon notifications | Enabled
Turn off feature advertisement balloon notifications | Enabled
@ -615,7 +617,7 @@ Turn off toast notifications | Enabled
Remove Task Manager | Enabled
Remove Change Password option in Security Options UI | Enabled
Remove Sign Out option in Security Options UI | Enabled
Remove All Programs list from the Start Menu | Enabled Remove and disable setting
Remove All Programs list from the Start Menu | Enabled - Remove and disable setting
Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]

8
windows/configuration/provisioning-packages/provisioning-install-icd.md
View File

@ -1,14 +1,16 @@
---
title: Install Windows Configuration Designer (Windows 10/11)
title: Install Windows Configuration Designer
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
ms.reviewer: kevinsheehan
manager: aaroncz
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

8
windows/configuration/provisioning-packages/provisioning-packages.md
View File

@ -1,14 +1,16 @@
---
title: Provisioning packages overview on Windows 10/11
title: Provisioning packages overview
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: gkomatsu
ms.reviewer: kevinsheehan
manager: aaroncz
ms.prod: windows-client
author: lizgt2000
ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
ms.date: 12/31/2017
---

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

2
windows/configuration/shared-devices-concepts.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

2
windows/configuration/shared-pc-technical.md
View File

@ -10,7 +10,7 @@ author: paolomatarazzo
ms.author: paoloma
ms.reviewer:
manager: aaroncz
ms.collection:
ms.collection: tier2
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>

6
windows/configuration/stop-employees-from-using-microsoft-store.md
View File

@ -1,5 +1,5 @@
---
title: Configure access to Microsoft Store (Windows 10)
title: Configure access to Microsoft Store
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.reviewer:
manager: aaroncz
@ -9,7 +9,9 @@ ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 11/29/2022
ms.collection: highpri
ms.collection:
- highpri
- tier2
ms.technology: itpro-configure
---

Some files were not shown because too many files have changed in this diff Show More