From 2d97018fc106bb5ff1ca39b5cc1f30d5898c00a5 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 16 Apr 2018 18:42:52 +0000 Subject: [PATCH 1/5] Merged PR 7179: merge msfb-gpo to master updates GPO info --- .../stop-employees-from-using-microsoft-store.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md index 318293c24d..af9099c374 100644 --- a/windows/configuration/stop-employees-from-using-microsoft-store.md +++ b/windows/configuration/stop-employees-from-using-microsoft-store.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: store, mobile author: TrudyHa ms.localizationpriority: high -ms.date: 10/16/2017 +ms.date: 4/16/2018 --- # Configure access to Microsoft Store @@ -77,6 +77,10 @@ You can also use Group Policy to manage access to Microsoft Store. 4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**. +> [!Important] +> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store. + + ## Block Microsoft Store using management tool From d3af536b126db1072cd141e39556a00d7f1c1337 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 16 Apr 2018 19:34:43 +0000 Subject: [PATCH 2/5] Merged PR 7184: fix typo --- .../volume-activation/plan-for-volume-activation-client.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index a1e9503aee..a937437e02 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -31,8 +31,8 @@ ms.date: 09/27/2017 During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. -**Note**   -The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. +>[!NOTE]  +>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. ## Distribution channels and activation @@ -185,7 +185,7 @@ When you know which keys you need, you must obtain them. Generally speaking, vol ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Support Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. From 1730ef9770414c9e45cb778a65aa760963f63a6a Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 16 Apr 2018 20:11:04 +0000 Subject: [PATCH 3/5] Merged PR 7187: Auto-updates to index file, and ADMX properties. --- .../policy-configuration-service-provider.md | 373 ++++++++++++++---- .../mdm/policy-csp-applicationdefaults.md | 10 +- .../mdm/policy-csp-applicationmanagement.md | 21 +- .../mdm/policy-csp-appruntime.md | 25 +- .../mdm/policy-csp-browser.md | 11 +- .../mdm/policy-csp-cellular.md | 10 +- .../mdm/policy-csp-credentialsdelegation.md | 25 +- .../mdm/policy-csp-deliveryoptimization.md | 19 +- .../mdm/policy-csp-devicelock.md | 25 +- .../mdm/policy-csp-eventlogservice.md | 4 +- .../mdm/policy-csp-experience.md | 20 +- .../mdm/policy-csp-fileexplorer.md | 48 ++- .../mdm/policy-csp-internetexplorer.md | 71 +++- .../mdm/policy-csp-lanmanworkstation.md | 10 +- .../mdm/policy-csp-mssecurityguide.md | 140 ++++++- .../mdm/policy-csp-msslegacy.md | 94 ++++- .../mdm/policy-csp-notifications.md | 20 +- .../client-management/mdm/policy-csp-power.md | 37 +- .../mdm/policy-csp-textinput.md | 34 +- .../mdm/policy-csp-update.md | 20 +- .../policy-csp-windowsconnectionmanager.md | 25 +- .../mdm/policy-csp-windowslogon.md | 48 ++- .../mdm/policy-csp-windowspowershell.md | 25 +- 23 files changed, 946 insertions(+), 169 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d108e8bfc0..cee3c040d7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/16/2018 +ms.date: 04/16/2018 --- # Policy CSP @@ -152,13 +152,13 @@ The following diagram shows the Policy configuration service provider in tree fo
- AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration + AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration
- AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold + AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold
- AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter + AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter
@@ -242,6 +242,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### AppRuntime policies + +
+
+ AppRuntime/AllowMicrosoftAccountsToBeOptional +
+
+ ### AppVirtualization policies
@@ -348,7 +356,7 @@ The following diagram shows the Policy configuration service provider in tree fo ### Authentication policies
-
+
Authentication/AllowAadPasswordReset
@@ -476,10 +484,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/DisableLockdownOfStartPages
-
+
Browser/EnableExtendedBooksTelemetry
-
Browser/EnterpriseModeSiteList
@@ -551,13 +558,13 @@ The following diagram shows the Policy configuration service provider in tree fo Cellular/LetAppsAccessCellularData
- Cellular/LetAppsAccessCellularData_ForceAllowTheseApps + Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
- Cellular/LetAppsAccessCellularData_ForceDenyTheseApps + Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
- Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps + Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
Cellular/ShowAppCellularAccessUI @@ -618,7 +625,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- ControlPolicyConflict/MDMWinsOverGP + ControlPolicyConflict/MDMWinsOverGP
@@ -636,6 +643,14 @@ The following diagram shows the Policy configuration service provider in tree fo
+### CredentialsDelegation policies + +
+
+ CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials +
+
+ ### CredentialsUI policies
@@ -805,7 +820,6 @@ The following diagram shows the Policy configuration service provider in tree fo
DeliveryOptimization/DODelayForegroundDownloadFromHttp
-
DeliveryOptimization/DODownloadMode
@@ -815,7 +829,6 @@ The following diagram shows the Policy configuration service provider in tree fo
DeliveryOptimization/DOGroupIdSource
-
DeliveryOptimization/DOMaxCacheAge
@@ -950,6 +963,9 @@ The following diagram shows the Policy configuration service provider in tree fo
DeviceLock/MinimumPasswordAge
+
+ DeviceLock/PreventEnablingLockScreenCamera +
DeviceLock/PreventLockScreenSlideShow
@@ -1073,9 +1089,15 @@ The following diagram shows the Policy configuration service provider in tree fo
Experience/AllowSIMErrorDialogPromptWhenNoSIM
+
+ Experience/AllowSaveAsOfOfficeFiles +
Experience/AllowScreenCapture
+
+ Experience/AllowSharingOfOfficeFiles +
Experience/AllowSyncMySettings
@@ -1125,6 +1147,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### FileExplorer policies + +
+
+ FileExplorer/TurnOffDataExecutionPreventionForExplorer +
+
+ FileExplorer/TurnOffHeapTerminationOnCorruption +
+
+ ### Games policies
@@ -1363,6 +1396,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/InternetZoneAllowUserDataPersistence
+
+ InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer +
InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -1531,6 +1567,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
+
+ InternetExplorer/LockedDownIntranetJavaPermissions +
InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
@@ -1762,6 +1801,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
+
+ InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer +
InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -1899,26 +1941,26 @@ The following diagram shows the Policy configuration service provider in tree fo
- KioskBrowser/BlockedUrlExceptions + KioskBrowser/BlockedUrlExceptions
- KioskBrowser/BlockedUrls + KioskBrowser/BlockedUrls
- KioskBrowser/DefaultURL + KioskBrowser/DefaultURL
- KioskBrowser/EnableHomeButton + KioskBrowser/EnableHomeButton
- KioskBrowser/EnableNavigationButtons + KioskBrowser/EnableNavigationButtons
- KioskBrowser/RestartOnIdleTime + KioskBrowser/RestartOnIdleTime
-### LanmanWorkstation policies +### LanmanWorkstation policies
@@ -1958,6 +2000,27 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
+
+ LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon +
+
+ LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia +
+
+ LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters +
+
+ LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly +
+
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways +
+
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible +
+
+ LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges +
LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
@@ -1979,15 +2042,75 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+
+ LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM +
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers +
LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+
+ LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile +
+
+ LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems +
LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
@@ -1997,6 +2120,9 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+
+ LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation +
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
@@ -2009,6 +2135,9 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+ LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode +
LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
@@ -2055,6 +2184,46 @@ The following diagram shows the Policy configuration service provider in tree fo
+### MSSecurityGuide policies + +
+
+ MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon +
+
+ MSSecurityGuide/ConfigureSMBV1ClientDriver +
+
+ MSSecurityGuide/ConfigureSMBV1Server +
+
+ MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection +
+
+ MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications +
+
+ MSSecurityGuide/WDigestAuthentication +
+
+ +### MSSLegacy policies + +
+
+ MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes +
+
+ MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers +
+
+ MSSLegacy/IPSourceRoutingProtectionLevel +
+
+ MSSLegacy/IPv6SourceRoutingProtectionLevel +
+
+ ### NetworkIsolation policies
@@ -2101,6 +2270,9 @@ The following diagram shows the Policy configuration service provider in tree fo ### Power policies
+
+ Power/AllowStandbyStatesWhenSleepingOnBattery +
Power/AllowStandbyWhenSleepingPluggedIn
@@ -2509,15 +2681,16 @@ The following diagram shows the Policy configuration service provider in tree fo ### RestrictedGroups policies +
- RestrictedGroups/ConfigureGroupMembership + RestrictedGroups/ConfigureGroupMembership
- +
### Search policies
-
+
Search/AllowCloudSearch
@@ -2530,7 +2703,7 @@ The following diagram shows the Policy configuration service provider in tree fo Search/AllowSearchToUseLocation
- Search/AllowStoringImagesFromVisionSearch + Search/AllowStoringImagesFromVisionSearch
Search/AllowUsingDiacritics @@ -2550,7 +2723,6 @@ The following diagram shows the Policy configuration service provider in tree fo
Search/DoNotUseWebResults
-
Search/PreventIndexingLowDiskSpaceMB
@@ -2584,7 +2756,7 @@ The following diagram shows the Policy configuration service provider in tree fo Security/ClearTPMIfNotReady
- Security/ConfigureWindowsPasswords + Security/ConfigureWindowsPasswords
Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices @@ -2765,10 +2937,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- Storage/EnhancedStorageDevices + Storage/AllowDiskHealthModelUpdates
- Storage/AllowDiskHealthModelUpdates + Storage/EnhancedStorageDevices
@@ -2826,22 +2998,22 @@ The following diagram shows the Policy configuration service provider in tree fo
- SystemServices/ConfigureHomeGroupListenerServiceStartupMode + SystemServices/ConfigureHomeGroupListenerServiceStartupMode
- SystemServices/ConfigureHomeGroupProviderServiceStartupMode + SystemServices/ConfigureHomeGroupProviderServiceStartupMode
- SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode + SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
- SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode + SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
- SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode + SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
- SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode + SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
@@ -2849,7 +3021,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- TaskScheduler/EnableXboxGameSaveTask + TaskScheduler/EnableXboxGameSaveTask
@@ -2889,6 +3061,12 @@ The following diagram shows the Policy configuration service provider in tree fo
TextInput/AllowLanguageFeaturesUninstall
+
+ TextInput/AllowLinguisticDataCollection +
+
+ TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode +
TextInput/ExcludeJapaneseIMEExceptJIS0208
@@ -2902,10 +3080,10 @@ The following diagram shows the Policy configuration service provider in tree fo TextInput/ForceTouchKeyboardDockedState
- TextInput/TouchKeyboardDictationButtonAvailability + TextInput/TouchKeyboardDictationButtonAvailability
- TextInput/TouchKeyboardEmojiButtonAvailability + TextInput/TouchKeyboardEmojiButtonAvailability
TextInput/TouchKeyboardFullModeAvailability @@ -3014,7 +3192,7 @@ The following diagram shows the Policy configuration service provider in tree fo Update/IgnoreMOUpdateDownloadLimit
- Update/ManagePreviewBuilds + Update/ManagePreviewBuilds
Update/PauseDeferrals @@ -3031,6 +3209,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Update/PauseQualityUpdatesStartTime
+
+ Update/PhoneUpdateRestrictions +
Update/RequireDeferUpgrade
@@ -3082,91 +3263,91 @@ The following diagram shows the Policy configuration service provider in tree fo
- UserRights/AccessCredentialManagerAsTrustedCaller + UserRights/AccessCredentialManagerAsTrustedCaller
- UserRights/AccessFromNetwork + UserRights/AccessFromNetwork
- UserRights/ActAsPartOfTheOperatingSystem + UserRights/ActAsPartOfTheOperatingSystem
- UserRights/AllowLocalLogOn + UserRights/AllowLocalLogOn
- UserRights/BackupFilesAndDirectories + UserRights/BackupFilesAndDirectories
- UserRights/ChangeSystemTime + UserRights/ChangeSystemTime
- UserRights/CreateGlobalObjects + UserRights/CreateGlobalObjects
- UserRights/CreatePageFile + UserRights/CreatePageFile
- UserRights/CreatePermanentSharedObjects + UserRights/CreatePermanentSharedObjects
- UserRights/CreateSymbolicLinks + UserRights/CreateSymbolicLinks
- UserRights/CreateToken + UserRights/CreateToken
- UserRights/DebugPrograms + UserRights/DebugPrograms
- UserRights/DenyAccessFromNetwork + UserRights/DenyAccessFromNetwork
- UserRights/DenyLocalLogOn + UserRights/DenyLocalLogOn
- UserRights/DenyRemoteDesktopServicesLogOn + UserRights/DenyRemoteDesktopServicesLogOn
- UserRights/EnableDelegation + UserRights/EnableDelegation
- UserRights/GenerateSecurityAudits + UserRights/GenerateSecurityAudits
- UserRights/ImpersonateClient + UserRights/ImpersonateClient
- UserRights/IncreaseSchedulingPriority + UserRights/IncreaseSchedulingPriority
- UserRights/LoadUnloadDeviceDrivers + UserRights/LoadUnloadDeviceDrivers
- UserRights/LockMemory + UserRights/LockMemory
- UserRights/ManageAuditingAndSecurityLog + UserRights/ManageAuditingAndSecurityLog
- UserRights/ManageVolume + UserRights/ManageVolume
- UserRights/ModifyFirmwareEnvironment + UserRights/ModifyFirmwareEnvironment
- UserRights/ModifyObjectLabel + UserRights/ModifyObjectLabel
- UserRights/ProfileSingleProcess + UserRights/ProfileSingleProcess
- UserRights/RemoteShutdown + UserRights/RemoteShutdown
- UserRights/RestoreFilesAndDirectories + UserRights/RestoreFilesAndDirectories
- UserRights/TakeOwnership + UserRights/TakeOwnership
@@ -3196,15 +3377,29 @@ The following diagram shows the Policy configuration service provider in tree fo
+### WindowsConnectionManager policies + +
+
+ WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork +
+
+ ### WindowsDefenderSecurityCenter policies
WindowsDefenderSecurityCenter/CompanyName
+
+ WindowsDefenderSecurityCenter/DisableAccountProtectionUI +
WindowsDefenderSecurityCenter/DisableAppBrowserUI
+
+ WindowsDefenderSecurityCenter/DisableDeviceSecurityUI +
WindowsDefenderSecurityCenter/DisableEnhancedNotifications
@@ -3235,6 +3430,15 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsDefenderSecurityCenter/EnableInAppCustomization
+
+ WindowsDefenderSecurityCenter/HideRansomwareDataRecovery +
+
+ WindowsDefenderSecurityCenter/HideSecureBoot +
+
+ WindowsDefenderSecurityCenter/HideTPMTroubleshooting +
WindowsDefenderSecurityCenter/Phone
@@ -3263,19 +3467,33 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsLogon/DontDisplayNetworkSelectionUI
+
+ WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers +
WindowsLogon/HideFastUserSwitching
+
+ WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart +
+
+ +### WindowsPowerShell policies + +
+
+ WindowsPowerShell/TurnOnPowerShellScriptBlockLogging +
### WirelessDisplay policies
- WirelessDisplay/AllowMdnsAdvertisement + WirelessDisplay/AllowMdnsAdvertisement
- WirelessDisplay/AllowMdnsDiscovery + WirelessDisplay/AllowMdnsDiscovery
WirelessDisplay/AllowProjectionFromPC @@ -3719,12 +3937,15 @@ The following diagram shows the Policy configuration service provider in tree fo - [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist) - [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist) - [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration) +- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers) - [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock) - [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr) - [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata) - [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps) +- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall) +- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges) - [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly) - [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume) - [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume) @@ -3763,6 +3984,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection) - [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride) - [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles) +- [Browser/PreventTabPreloading](./policy-csp-browser.md#browser-preventtabpreloading) - [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc) - [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites) - [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer) @@ -3777,6 +3999,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps) - [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) - [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming) +- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking) - [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) - [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) - [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) @@ -4136,6 +4359,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring) - [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation) - [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize) +- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons) - [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation) - [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation) - [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts) @@ -4148,6 +4372,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia) - [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters) - [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly) +- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways) +- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible) +- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges) - [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin) @@ -4169,6 +4396,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange) - [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel) - [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers) - [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) - [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile) - [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation) @@ -4202,7 +4433,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers) - [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative) - [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources) +- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification) - [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring) +- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification) - [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery) - [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin) - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) @@ -4367,6 +4600,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode) - [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode) - [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall) +- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection) - [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) - [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) @@ -4498,6 +4732,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) - [Settings/AllowDateTime](#settings-allowdatetime) - [Settings/AllowVPN](#settings-allowvpn) +- [System/AllowFontProviders](#system-allowfontproviders) - [System/AllowLocation](#system-allowlocation) - [System/AllowTelemetry](#system-allowtelemetry) - [Update/AllowAutoUpdate](#update-allowautoupdate) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 774334df19..02d3d2895e 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - ApplicationDefaults @@ -189,20 +189,14 @@ If you do not configure this policy setting, the default behavior depends on the ADMX Info: - GP English name: *Configure web-to-app linking with app URI handlers* - GP name: *EnableAppUriHandlers* +- GP path: *System/Group Policy* - GP ADMX file name: *GroupPolicy.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 4abd17e1d1..082ad6881d 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - ApplicationManagement @@ -597,20 +597,14 @@ This policy setting is designed for less restrictive environments. It can be use ADMX Info: - GP English name: *Allow user control over installs* - GP name: *EnableUserControl* +- GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* This setting supports a range of values between 0 and 1. - - - - - - -
@@ -661,25 +655,20 @@ If you disable or do not configure this policy setting, the system applies the c Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure. + ADMX Info: - GP English name: *Always install with elevated privileges* - GP name: *AlwaysInstallElevated* +- GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* This setting supports a range of values between 0 and 1. - - - - - - -
@@ -729,7 +718,9 @@ Most restricted value is 1. ADMX Info: +- GP English name: *Only display the private store within the Microsoft Store* - GP name: *RequirePrivateStoreOnly* +- GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 7e6fb10c8d..386d22dfe2 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - AppRuntime @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **AppRuntime/AllowMicrosoftAccountsToBeOptional** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 76ccab305a..514ff83491 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03//2018 +ms.date: 04/16/2018 --- # Policy CSP - Browser @@ -2191,10 +2191,17 @@ The following list shows the supported values: -Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. +Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. + +ADMX Info: +- GP English name: *Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed* +- GP name: *PreventTabPreloading* +- GP path: *Windows Components/Microsoft Edge* +- GP ADMX file name: *MicrosoftEdge.admx* + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 431c59baa4..9c86945186 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Cellular @@ -92,8 +92,10 @@ If an app is open when this Group Policy object is applied on a device, employee ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_Enum* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -150,8 +152,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -200,8 +204,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -250,8 +256,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index e347fbd029..edd5e6b205 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - CredentialsDelegation @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index cf43d37c41..9b31c6322f 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - DeliveryOptimization @@ -1219,8 +1219,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: +- GP English name: *Maximum Background Download Bandwidth (percentage)* - GP name: *PercentageMaxBackgroundBandwidth* - GP element: *PercentageMaxBackgroundBandwidth* +- GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* @@ -1231,6 +1233,15 @@ ADMX Info: **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead. @@ -1282,8 +1293,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: +- GP English name: *Maximum Foreground Download Bandwidth (percentage)* - GP name: *PercentageMaxForegroundBandwidth* - GP element: *PercentageMaxForegroundBandwidth* +- GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* @@ -1388,7 +1401,7 @@ The following list shows the supported values: -Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. +Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. > [!TIP] @@ -1454,7 +1467,7 @@ This policy allows an IT Admin to define the following: -Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. +Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 1a791a7b71..4ffde366c7 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - DeviceLock @@ -1036,6 +1036,29 @@ GP Info: **DeviceLock/PreventEnablingLockScreenCamera** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 89b92cd690..6c9a23cd61 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 04/02/2018 +ms.date: 04/16/2018 --- # Policy CSP - EventLogService @@ -200,7 +200,7 @@ ADMX Info: This policy setting specifies the maximum size of the log file in kilobytes. -If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. +If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 51935ec669..38e01b4868 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Experience @@ -436,6 +436,15 @@ The following list shows the supported values: **Experience/AllowSaveAsOfOfficeFiles** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. @@ -503,6 +512,15 @@ The following list shows the supported values: **Experience/AllowSharingOfOfficeFiles** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 9216df0e67..df185f9924 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - FileExplorer @@ -35,6 +35,29 @@ ms.date: 03/12/2018 **FileExplorer/TurnOffDataExecutionPreventionForExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -70,6 +93,29 @@ ADMX Info: **FileExplorer/TurnOffHeapTerminationOnCorruption** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 38156a6d35..580431a0ff 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - InternetExplorer @@ -5572,6 +5572,29 @@ ADMX Info: **InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9266,6 +9289,29 @@ ADMX Info: **InternetExplorer/LockedDownIntranetJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14337,6 +14383,29 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 5c860249fc..15c57e928a 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/16/2018 +ms.date: 04/16/2018 --- # Policy CSP - LanmanWorkstation @@ -78,20 +78,14 @@ Insecure guest logons are used by file servers to allow unauthenticated access t ADMX Info: - GP English name: *Enable insecure guest logons* - GP name: *Pol_EnableInsecureGuestLogons* +- GP path: *Network/Lanman Workstation* - GP ADMX file name: *LanmanWorkstation.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 8759b6d49a..bed4009f6a 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - MSSecurityGuide @@ -47,6 +47,29 @@ ms.date: 03/12/2018 **MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -79,6 +102,29 @@ ADMX Info: **MSSecurityGuide/ConfigureSMBV1ClientDriver** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -111,6 +157,29 @@ ADMX Info: **MSSecurityGuide/ConfigureSMBV1Server** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -143,6 +212,29 @@ ADMX Info: **MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -175,6 +267,29 @@ ADMX Info: **MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -207,6 +322,29 @@ ADMX Info: **MSSecurityGuide/WDigestAuthentication** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index 54107559ca..85f1361fe8 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - MSSLegacy @@ -41,6 +41,29 @@ ms.date: 03/12/2018 **MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -73,6 +96,29 @@ ADMX Info: **MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,6 +151,29 @@ ADMX Info: **MSSLegacy/IPSourceRoutingProtectionLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -137,6 +206,29 @@ ADMX Info: **MSSLegacy/IPv6SourceRoutingProtectionLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index bd162cb868..e5838dc453 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/15/2018 +ms.date: 04/16/2018 --- # Policy CSP - Notifications @@ -80,29 +80,28 @@ If you enable this policy setting, notifications can still be raised by applicat If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications. No reboots or service restarts are required for this policy setting to take effect. + ADMX Info: - GP English name: *Turn off notifications network usage* - GP name: *NoCloudNotification* +- GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* This setting supports a range of values between 0 and 1. - - - - - - Validation: 1. Enable policy 2. Reboot machine 3. Ensure that you can't receive a notification from Facebook app while FB app isn't running + + +
@@ -191,6 +190,7 @@ The following list shows the supported values: check mark4 + @@ -211,22 +211,20 @@ If you enable this policy setting, applications and system features will not be If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. + ADMX Info: - GP English name: *Turn off tile notifications* - GP name: *NoTileNotification* +- GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* This setting supports a range of values between 0 and 1. - - - - Validation: 1. Enable policy diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index fc85260394..9b6886930d 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Power @@ -57,6 +57,29 @@ ms.date: 03/12/2018 **Power/AllowStandbyStatesWhenSleepingOnBattery** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +214,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -255,7 +278,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -319,7 +342,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -383,7 +406,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -571,7 +594,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -635,7 +658,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 07ba3d94de..5f1af3e3c0 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - TextInput @@ -680,29 +680,6 @@ The following list shows the supported values: **TextInput/AllowLinguisticDataCollection** - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
- - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -717,21 +694,16 @@ The following list shows the supported values: ADMX Info: +- GP English name: *Improve inking and typing recognition* - GP name: *AllowLinguisticDataCollection* +- GP path: *Windows Components/Text Input* - GP ADMX file name: *TextInput.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 70198e988d..5462333ba5 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Update @@ -917,6 +917,15 @@ The following list shows the supported values: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -2138,6 +2147,15 @@ ADMX Info: **Update/PhoneUpdateRestrictions** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index c5ac238f1d..4f33bd0bdf 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsConnectionManager @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 16e39d3e9c..5029554ef7 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsLogon @@ -166,6 +166,29 @@ ADMX Info: **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -270,6 +293,29 @@ To validate on Desktop, do the following: **WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index ee96a4746f..dca0467136 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsPowerShell @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): From eb4cdc7b7b53f4de0d552e2f2d47e508e4012657 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 16 Apr 2018 14:08:00 -0700 Subject: [PATCH 4/5] fixed dup in blocklist --- ...oy-windows-defender-application-control.md | 688 ------------------ 1 file changed, 688 deletions(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index dc3ee14438..1ca9c16abd 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -784,694 +784,6 @@ Microsoft recommends that you block the following Microsoft-signed applications 0 - - - 10.0.0.0 - {A244370E-44C9-4C06-B551-F6016E563076} - {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 0 ``` From a771098bb212cbbc14df798319ac2b85750652c6 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 16 Apr 2018 22:04:13 +0000 Subject: [PATCH 5/5] Merged PR 7191: NetworkProxy CSP - added new setting --- .../images/provisioning-csp-networkproxy.png | Bin 7567 -> 10228 bytes .../client-management/mdm/networkproxy-csp.md | 35 ++++++++++-------- ...ew-in-windows-mdm-enrollment-management.md | 14 +++++++ 3 files changed, 33 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png index e46232fa427a2f197882078cab29cb8e7ad82e04..23671d20f1dad7208b75655b824b29a1928b25c0 100644 GIT binary patch literal 10228 zcmb_?c{r4B*!Dyc$(l&k$~K5%h^#659z(`b*|)J}4+%*{B|~v?|qNs`(qB~nftlszMuO%&+EF+Ya;b@R4-DqQG-CBi|T6k4M3nX z?Z8X%JQ;AsWQtxA_;be7K=mG|xQl%rcyrcHNm~g7LcPCm^n?O-l927&k^)$c1A`dTcfEPJwJLrO?K>vS{Zhaq73EV%wIbOkCB`^2)=nR+O@^nqm6 zcO!<&E3aN&%{%+;>X*;us2`}%uqctD-gnl+G?GxzU3!&!W)bBjS!&r>1Z20?YganA zCfCm2)L?gObD$*saLX?#e)G51VoO9d2&5-b$qY*ObrS+9u4h$y+1bsFx;E5R4_VlE zL!OM=W8Ux|9pnze$Lj-kSIjq`f)uf8ZiOa&mPeDeRx3?D^3ON-`-6A4@*|?z4{3+f zWc`mU*25ZnXV?41T`^r4VNuZpV+s&Bd=-bmU}m!u2D^`EQ0UdoIJx0DS@)^q$jy>p zmTfyy=Xx^zz8|@pCcAF#`tcL_FS_ylv0q19t*x*8K7!Jz@57l3cb|L4 zEIU$NuOBf_K6&iq)LCl?((``@Ysu|O*uSu3qIne+;9?G6BZ#~xc#J>T$8-ltZeMqm zWBCBJLXWcUQoqG~P+n@HxzN$PZ@h=QtZ4KBP8b@h>`C5$dhlGaTv)jo)qYZ}{f^hX zRMW%uj`XYk50r#3!6*@L>ngdE{77c~FMaTYd;PM%`kH4FVPBX6I1jq5T*sxvr7*kY zAaKaDMXvgTjk#5p3~2?cWw@P(#-c9Ao%n0FE+R7UY`?@}G6xaKa~-B_9$&zZWQ(Hd zbc+)Xv7!s|wF`H>?%4+850>&(i_Oe?O4vcM3CcdJV=fi8br7@r&8asxVz=II zyANTbimp6&q!kgoFe)NwW3;j$d|)`1VD^oWID{BUu6V{&lQu*X-|9TNa8Lh-h~dLG zRizP%0cLCxy2+Id(t~269H7|G%1KE{{YcL-wwv4r!8q@};T3f`3aPWP7sS66kwR2mdGG2~-5Ya{J6O0F6tEb=SCj$}ZdKMNI z29|2Z$T;P1Wtb%0KYUm_ZN^aE7Moid^h~)z_0w96xhkJTC2~Vxj3%_-KGh(<;N>cm z`H{UKOwza!i;57!Az5H7drHPHHayjY4N+!w6td44pIv6tsN@@2SJ#(;Qa8u0K)W-f z2@5PL=Ojq?nbe*YzDukP5|%q_S_DhNZVcUO zYkx%#YxxG8RgE2)S$Pku8mHD{p6R9npnJTQvg+6A`(3RwjEqq-(mO{#HZnQQ?smBP zg1S$kN80?jbHFz5BTjGLDBE)yZcfi%Rh%KBu!v=-AA1+HtHWdrzLMRRt+a`szs?ox z@u0y2q-Xo)U?19v%!ldo@~uXotPMveUMX^SaKbMl3c#IKsx>)jKPPUX`7k}V(s{KR zT*n=M2{B=ZxzHP%NRW|IwGqKX?&SA+Kpi4kbUrP;GiIY(>=v+p!QSv!T#TT+vwg^y zQ^%<p%Ko*qQIw>t`_*)dKa$3Gvh*4c!^&kJi@KmVLTc#|dW)tec~ao@Y($Qh*A=r=cMx zO`GvaZMl|ntJYk;%`8=bEQoxY8$yv8(vBk&VQ4sH?&_RvckR*G!>8khEwaZrPhHLv z{*td?zv-n-mc)lsZ}H2cXpANq2ytx~nYg{Zon(opKg{VMHfe6s)gH84l13pVwctk< z7PDMjXY(ZL@TTT)q{{^~XTsjEWOC4w=)Wo41QhgQ>IV`8Y6*p%0llF_lYuVL!6`rj zoOo)Gp6s822VRQ@2M3N`d!#{hIPByAGoG;d=4(}zLn<7UcPAfC7#T6Out;sd4vqFdJmqXgATcZYw!3Rw}`(FC`?%j=9CLs z?am335LdvAHiu@FEj-g|+y&PUcWQGbW zBpvk5N$p3Pzi{LxRM*!B!FS%FVGtnK3@HZ}A#_sE|#=qc(gV>xe3 z3+j0H%*nG}f2rX!G8w}2>@wWEa}{^Jt#yP@IxgjVFra*4S^AG6N`EUW6CZW-b@Khm zYFExSiNltEmM~vaH#7dKsij@@5s*W1?X0~oNi_Q1>&4HAUDi%dA6#BQ<`Hp%kBVzF z+?{Hx)cO=X*q%`Io9$fD9u2tEGz%mor!GulJS|A$7tb~m*<39|)|$*tkW0|-(dD<) z51h9vbNU%+eqkMpgd;x}t{-b>pi&2tvrRvKN5+|Gf2vR7#~QXd9_t%NyV)oo)^Dyk zRM@VL)j3(nfdqsipvK0zw&UBE*FHqPsNnGp~hPGmuOJ=*hZVSG^yS()NvuhY$@Xy3jO5V~lgo0KNEfy|)8*X%gdbPqO z26*eTxu3p+WYTOl`3uI(`gpAKX`DM<2CzZInz+{i^yZIeDw$R;E&{#SJ`-+y2m!1S zOPSew!L9JXpw}YieXqY>^~);~0>az?jNqR28J5x@0r5WMh2^STUAY;N=_gY%LPO$- zj9!V4C9oaiL_s+!&-sIU)=p90H-z)QeibV8D}ZU2E5?$lAztafQNEvyGw+i#BUrj+ zgGl{O2MF>Px33ebOG`IqDMbN&{k+#@kaV~3##f{|H@7(^-$CA;GN=C{NhE8Y-vB0x zPSi0Z))O45>p}+bjqN|FdsEI-VYQc@=Ow55E$%Fj{!75RIyoRob1@0r-dMcnYe*wQaCy8P4f>YzTevuOE|_E_{l z6OX_D_qymNr1;)8Mrrb^5+x8?UM?g{qjZfT6{T*u8U#z|Mv>~w zj%#;|AM3)M?;IkH#iDCER&#+bVd9lrz1X&~BanS4WlDkE z&lgM?C)spstm8*hwts^gOJ5goNyHJ|Z#^gvbuZeP>VY$u&G)*D&@6idDy5vYTIdVl zyo6e~uf6;ziyrdf&b0c$QVS*8_61CRWor>y<=fQajI?&uAEj2SnF&xd)612sF8%t( zCNxjQgY;E`l{cfA-b`&((&d#mhq^B(gkIHAw5V`c`DaI$ETenGhvgK8x`gcua100? zgP-q5I^L@JoxSAHBClN&+Y?{ilPPqea7fY+8o1u@U2awksvw}YigRL2JurVTr(`*G zvJpJ>Qu-~{IBT)@>b1b;knhMV6VRBuq$)_ovuuvo^Nr+D=C_t(j5+&GBbi9PcFYV0ySlWTaA3g7nZ##`u7G+EVjA@#|}^)@-Lzb}s%iuTEtB-LsR9 z70d z6uU64f{QYhxzkUdH@VF4NwpjF&*Phh2Ad0gX+cI`LWw+D$o~EEn!swW(F@2Gw91q) zZ}r1bsp{qu_Gdk1FoNL}Mh_=m>F7!M_M%HUlL-sWikH$*z{cy+OXxQ~-VTI=J{AH2 z{u%k{WW`wE_DPVFG^^9G^U}iO{iB(bl@*p06TdE+6WO1f`2A*0S}{_P=!Jq1J*RQo z7G%N_0v5V`vTIziV^ET^5BJ&cm|HOU?7q!A=Xg(6swy{N0ymi&QK>%7OUa6t(RgjX z4*GLjIjsEn)tG+HeYhzlQ`}sRoDp`dTlu+vfXt*)C~T1ij(N;Q0Ml0Jq++=ym3az~ zU-k#smt?w&O_{Ykhv!mY!6ib!UD9O{#t+SyR)=pgAmLTHrA$t&olN$LeEI8r=w33qQ}PT^!`QmWWLT)EZaWMfF! zV>#dL$6Eo08v}-Isj2Lf9j|7giWBh@U5bW0OVacx*@`*brlDqsNAkRqJhgaSos-Up z(r8Mj)#mTM*~`H}NAuFWRM%;HJb8W~y=)~22iqwpTVuqg8POnjjL?h zw5DAqb-W)6rioLyMz%T zNwgp-{r)R;95*u@+ZH z#m4Y`x&c*Kh_P^KDZAW0@b$2lXKd)Yj2RYhjr3mcxLZKlF;jDMO8J4j!kz^y&wZH~ zr<$eotcst-51eiLPFU*eq+&?#fWts&d>C!r!+vlJa_aj>a|5yf)4E~xBv{ND?BHj; z97oYKYhCdvZaEePys4d=(>clo=tKL8kdU%irAAUw5&iN&)^u_g(IkgbS4Kl(Hb$){ zqZA?Bn^KuO42SezsJXcCJF+TVusc+33U5He+9g(yA0sjKSdK15|5@PyA$QO94)Fo$ z_|sqtY1Ckcm*iy3R*1jJ`I}O2mldD*!=loQ&PviAwLyBb7}!i%uP3)QYCC7xB^DlT+;#%_T~7nP55}H zPvB_4MCg8q)Z|_1!^BwF#qwVvHQ2q*+X+E0u_~dv?QtYY>FEg4?l+2 zoydJYkG|WV;gAu%{h%Q+_$I0#{tP}*sbz)g!)@ZkF490LV7P?vp28Ea^#_jow{qj83-tUJaR{6n}*xb|Uq~9JiM}LNIJ>%K`66 z_4FNhAKT<9t@w;*tWf)?z?&El(jQUn< z7WiyWu%Sf2+#dBvDmjs`_A3R~x z$1wgrEp_Szha5#aD6b!@HYRV^ z4Hjr^(y@EI6(b(x#h09!w%2Wl0*X+I}dQdhtKkNb$^Mu&`JIcU9f-y zOdSVo(jfFZh-|y$t zo3pwEF=_G3al*}~k>`Hn1>+%1qfkB|?7LFf+m3OaBRotz`@La|yS>(PbvVL3J3s4k za)+i8Cd+)rq^7XO%Tygnc{t3O0>d6DZ5w`4DN^~f@ZtPa80O-cKyY|@sqY=xl}_Xe zZ)d6;VZqldKIvhuktw7Be-?d@c`{Y;oKY=5x6jMTIeQK#E0bE7GJglT555`d07TSw z6Eb7~=1)Oj^Xs`WLbnnLvx)Tf>1cg;V-}a?C`hbiE;tXzr2E6Qhe!|56vDdd<_GYo zdO}I@Ih8U|zno9GAL)sTk(|%&>K4w%zUBLf$*eG<{`>Shs<57E(bbyikOD+O5qLK; zE}WQOZJiha;V2hOFkMIH9<(#R z@v(6Yn1TxM0MIt5_9`MQ7YlPj+wNIJxz81(WnjgJ+~5Zug;L6R>gyn2*WSSqH9xy% z42xuWn+oi{PkNk1H~t1_C$L-(Y3FnNWG`R4NXRy4l>8Xpt9l4+DiCHbkcp=XOq5K1 zjcq96cJ$_h9h`gV0FM+!orGPnt-^9qpzl##u|dmkbn2D_lX7`HH>R?0kGUf5#onft zFL*1UPVwdnY-tHFNAssY`&(l!q1j-O9>bx6y6iXexVD5<9MIpSQj*T$e&>?{#NXBQ ziL9$e4vMM+pa#NTMns$}hoNmX7_)P~-#+H|DX-e}iI%CuI|deNfPWo#A;go_8tcd! zB40!N9Z$w+ri-6x9_deQYcc|0Q5i;_kXQzTpD%RsZ0i}7#-RRmL;ev?=w_OxulyJFI}6vn~f%$3;D2Z_xC{b{gIcWGW}7K^=xA!o;E zhz@Sb$}Mb$=g{{k0AY&lL2i`!dT>-QzElk5wBNJfq~ zH3Ky0{3$6!ZdNioo(1+@2hL0JKViz=?*$@V;;J^LUh`*qLaH3Pw$^z}T~8c9?C9ud zA;_;PV7K_MApf_P*uR(ge;YV!7Z_OAKmXi&+6QoF47%}0Q>_~t8?&=He!8Hu6Sxo{ z`U*>M<#4hS;FN8S%!r?O%(ese!2N}U`0;>+sIqQdbQj?Nq2Ywvt_&c&j6h*wVVS3R zNgAmgFtc`#)7kSqQ)Sl)z$q7f6H^*NaS_h(qHBXI$9BA>;D(68o&E3676aEQhH9c(u*D0@uP}iV+y3PDaZ#TLA zWKg;RMtmZMP~&4aXIsgvcyM|Ue}2@?ym{`W=}TA{U@IoxIeCNj?MPV9UV%$#*?Dx7 z=vn9RL0_UqkVDv!xvgI?wClL!Do-9)B_wIqEEAjroyTS03Y4uF8rH0fF0UaVTACL2 z)@Dqt@KqZ1rv?FF(Tn}PArvq)JW=00;{DmlYjD<9hSz@5Pg8EJWvOhb_oOr;-r z;K}6uO`9lQN}({;-`+Rbf9DZMlWha$s_iOligsbRt#a zci%bWnY36J`fi80dYBa@T18AW> zV%&Rq6q(cWe2bPH9Cal@2l{%2MlD1pg|dQqT{21I<7~|96)^`|lsu(9?BED!Bw#Gz ziD-raIslQ_mYvPqlP;Kax#j|;cT6(SC_8PY?b84GbZ2Kr%c*)cIFEO~#^eU?Ki>&;Of{A30+pCTS*6?_zz=8S|?mRrhKSFCk6km}K4=OgE$ zJQenrX21B2E1Lg6l1c%4H8^{Fjk zNe|0b{evyve2~AsJE4QQgrRW#5eu$>5#6ne*GyC$gfeWc`|^ZTD@!LkrY6^h zoQ<<@Eg#Z(pX~g0AYKuF7q&tdYiNKwjdr}=yc!PFzLv)a-F1+Msiz`f#ET(5x7}5E zH_AM-4zxWB9`6raPLS0pm^NafiqI5#-`yjXlb5cG-D(W^#aoh<^#dv9IN&+%$ZK0{ z0mqJ?^>k*2U(F<0>0#9O{P2qkvf98sdezuve0c+yig;C2(CTzMyz0i;Z0XV9{CrnZ zz^ID85?sgSM~gG7g!*V&4q|sjM5MF|#&2Peb2?GCLf4yr$sH$N-RZ!5&TFPsOsv$^ zj^VK4#nL#t(4$dWZ6O~!R?H2E`^k>gOz4F_Tig1}hI-r1W!EamUaK?onn6x+v=zBD zCQ1e&M|5A^XubljOYA797Z~V2e=Vt5Gg(LD5 KzwzC;BMSk#?!R{Hjh;>%iEd1 z5otLNEx_$p{sVwwZUe6Y<{=el*+82CvRn@R_!uUl>*4Qddkxd;i6F{ejv9SHSCf1+N*CqNGB>W-P ze}?{lJ@X0ZM^sA}9PN~Si?gsSURt&aM=)o5ix?F6!yoW9Lbc?r%R=Kd??i`hw;+Lw zw0N*b51jY!e=$qA)8>6ba$hdcP)8H`+8mSeS2PGL zCQ^I5J|$Zp+ma1EI6P$j^8F9WpEq2`AN-S1o@@+6UhPi(yq{zhJc~@wXs#J&yJIM* zJKW)s#%MXAq(26i=8elKzZP{COW*5a<~lx-d6JIkPZA!?)Y2{*N<})K;_bxkD96o7 z-*0A+&fh7AQN4kmdpAu*-eol=M{N8m67!p7B#nJKA+lbHu zql*BRriq&ysozUX$IVU-bem@SqF}D6DI1ryjAB-xW!X_P#2Vcitg~;^jUl%ZyyHTi zyHIUN3xEQ*2BRBTWJl66FHfl=Z1@l-R(z4*7+#INSyW)*ekw~wH(HPecBX!PfjRdK z^E&Gekx)ZF?z`nDQO@>WtjUR-1AGGunP;`9#B&X7d^DF`xK#TZ`-jzpYS7TEDqFU|(oP+z% zhF07CK$8Dg5T1YSv3Tm|dXFOwS{I3UPrBBv6!cnb+0!q+Y+FS{&?;`TvjZ zhv~4v!9n9Q9w?xpJErnS%inku(l0s}-hv$7$-Kc8>~t$f3$!j z7V(GnB{*w61#Rz*JEo|Sn92P9P}swi0$Od?XcwC%pd!}Cq<`XekPBe?pzh&h>e*lx zi1`pc36)5GcUPz|dQ)qJW5?HHNpn47;uqNe&U$>&3CpdF940^{Ti>o~qG{8B&dc7+ z{-?2*?p_m!pS&CkTCJ8rUtUThkTVB^C=u?vk@5_h<~f$w>&0F#W%|f$$yRz++zKKF zQtNoEfubKL+j-~O6W6X!f>&R07jv&D4M&nb!EpE1D3QOdOw&U2VcnE8f%R4wf00u z-&7A~$ZQ^+0*V_(LIGrQiHV6N_0g{`q|9AXwNc6|hW$gPFclx59COUyD1;5LTzli!KE+!#avD8` z0DcZm6DKzI*pB$BWvcqN2}#a@M~cVgJL=KO_h%CzQL^ZHCJ=?JB@8 Q^+4(mbnX}5d;IeM0N*Hpd;kCd literal 7567 zcmbuEcT`i$x5r}vl_Dwv0t#N~El3cgs|Y9%dNUY6g@DpS37sg2h@dnfM4EI00W?Sr z{Zc&;q#Jq*i1Z*u>I-_`@AuYwzx&?$t@p=Svu4gYb7uDb?$7L*6Q-|whnazk0R#du zYu;5e1c8oVY1gHbM`b!K}S!VudeHuIQQv9 zS#FVJ=yXibw{`R5PDq_W?GRamsjaLMhwG0n)oQ*KzK?o*-E{J+j|k@O~;FPVl#4(@!>DUvI${X#` zwL-CN#X>b()kd9Ff%{n@S>elLH5Jv>PD>1+^HY_Mc6PIiHwu%?<#s#9lqTAxAU}6M z{d9ErIcb*~VC&2RIv?dmo|&=T(VDLfJSZYXT-mwsQCOwe!@giZ=K3iR^)6h{)JE0j zV1EehF>{W*=}-AKt6TPF_vfgEdp_v$?McYT5*u~dlCuhmW!E;x>yNpYfiAyBlJ|Bt z^&~E$X7uQul<}1LU`#Z(LH$UBK(` zd{E9!it@(Y8r7Va&5n43K?qI}f?Ig*J4!ArEPP8m0g~!Qh$T~I^;G7diP3!h;$a-q z{-vd6b8`|78pIFxpo9-S@#l;w@hUMAmR`<%NSL#k{c2x-fg>|QqrCsaVm70Ch({Wi zVYAM$=Q88HJZ@=w{eOnCtaluHdSQ;RL23GqmNw;TAwccr`8>}!U5yJ!$2r4p-)|cP z4N|geWG%GNNHap1JjFOXh9^zxjWX%m*Rx6HOs`HGiIs;{EOhjLtlgzZZqFRK8R0?h z&gxH_id1yBZL|^mP;!!R{e?(NSgy=lf8lu{$=oKLq-~Vh#z&|l^nS8t(pe3bSfo}6 zj-e1Rwn@vnONO7)ZK;8mfE9fw;)q^9)ullgsRF?5$64-M?Ta?*d?RlOH~E8(V&oeJ ziNJ6}qg-~X4X6SfYY;rpiFo=U&lBdp+PJ-4S>ppbBb_n;zzcE{1mdDzmV9sl| zz(B+o$eX;{cw=D?Y{|>S1i-tR=`zP0K{W7MAL$fsikIbyWU=4utRzaj0K+GM|4Sxs}U~Tf*_wAY>sX*H7f_f)Kli}CZy4K=9F5k|&PG31KRf2O6$^a|j{x#^`VM~h+H*MFZ0Cg=Yp|MBXfe940eI=lTSk+yp4$PUTWq2b|cUW}k_elRQEBfi#;Dq_bT z9S|9)s4;56{s1I`adL4ff;${|FAb64S9TI^xA5K=2wWRI*e4J3gIf70ka`k{wBA>i z7%tSj!tu_=>n!lmDmef-M?G4!dF<_ECA7Gv2E38DwzyW5vKRf;lcA^&Jf^VWVzsxf zm()->-P9ARD{;}%+;aDu9xt`<0_e}EWk?4N5=8?<-vD**0+jrZ?GhnN-`QzZi4*9x zeqz<^mAb+U(**Oi;kL-^T4)t90NQI6j)j^uXnOrK5vG{=obp9FH$H%}j>*QW8Tk zA;75IreBW#XX!B&$=Y$CAhB$eA{}t#g-{D(XlRHx(BCgDV4|=1hHp*j^6uJ?=+1++ zc`H|j`IsW!gHR4VUf*I*sK4X{GaB@w-V^(EO56hGO=(95((smaN<)x$wR(EE8@@?u znb`o{JR*V#6R6vzR^+Kfg&Ch))uDWAGII`GDXh>0MctVs6ciMMXmd0!HDk4HxTu2_ zyy%rxiQjl6Xqydnrfj84hqV5f?&y~a$Lu@jkS72xgZ3jrVqxw39}d zTO&}JFe=JT$+nxJ{Q(zzKKhSi}pNoM+O#mr5K>Fbr=HiX4yUyA?--oYGCqV zm!d*upbmu>jS{`|#*{!WqrpTE1a5F_y$sJUR4S)SY?pl*v7y?Gu6$7AYagBP!V@+T5;Hr=WN9H#p>HDZvAde3EfFvas?(^1`loV?Ehaya)`H*3Z3;Iz zNABQ%w^C`Imrbr$x9wsc5r~-+GHAPu!Ri`Q(kyHlk{NLyn}Va+Vv@7rpD8F6!$9hc zmovK63UPG$vV~wdEnQho_HD+>+bl<07H*lK&j$W+?ET3pLMRKb<>S-|WgzdfoaOq# zlQr_D%UJIwBj{oTaC}6Om$!QBl{C6FH)WCdt*PF86O+Q)`$`>Xi1=BbjhP@8ylWd&wWkNhwNbYFiVq_LAwr)k5I-qvDD$ zH7h+c#k34*rdY>`SqeEw@zceh{vKCU z+qFfNj67%w%Sob&bh7B7b^PnCZX9$sbT`q0cy~^qE^3-6ZW|C#J+v73V>R@Vr+$&Y z)5bQdWc6C&PeAwQ+u3G6^m(flTHJb9t1TH#E2oqTB2&PZCT-=8CY&l+|9`Q#opjC&EVE{97(t6!5 z$B+2-F5fWE-&)(V?cXL0@fTpB$>t}1z537!E|}Q^V^!epmoYTF{jw96-P@n+Ajsw> zZ8KZJnYG9h1gO$u;y$o|9Y`CQP1B*NUW3?TA95l9ZKHugw2dBfOQH@T03AiV?kh|= zSbe5t?&QXrXXZpuBFnzpMm;2y15)8XY^$yTrGx6TI5(Jd*`jwapxS&Nb4kfxyBr_m zzc;{vVJ0RAw{XH`mAP zqO~im)q9?R_F2r%$W)$9wXC4hRszKyTeuWAbWfilz0CKr3eRW6oKbuMeWf@>$HJK> z+nmkB9nf**gfeX;2td6fMa&ddYoIOWTgJgBJf3p~{|)QqCku4;Fiv4hCQ&{6kQH(NM1th~d4HR~&t7!RQTa z`cJi+RMm=6O)pDh2@~);{tf8h8|B|liuJ%waa}5z?;Y%BFk+9LzYO?N(-aWzT4anw z4XA`kbB&+ExHId^C`N zv`3gW6GN{;tcYZ5u2BF6GjyBgcv^@&N8$mhZIStLY{z>`WwHR06_()0HYAZxaE<>C z7u+!GqNw5b5p)K{iUa-JhCRdQbes?5`7VAV)MIil|F(W#t)(CxzYzMIJ^d+KPO1g@92?6KSLX%uZB_(CPyX_# z>N?oSK;fleDUsE99tyhcKf9WeU%8=R?&WSBxeMxiv?}KD=Xhu^Z%kwCKUl;EDCdv68SH&~`^~7jnYTx}uKL{I~zUTBI z{cyBsMbYRdgXE0FyLz(dQo$o*d`+YgK19=uA_mAhGG2e0Pn4pvVi7$n?@MGOi z)h;8`(|WO_xR#c-$UP!LdAKhLFZ0`95X<4taXF_n$|vN3M} zD?N3Wkf0?n6?6+M?MpDbzk06CTnrX{n$TpkW2~{h@aB)4&a|O7GBiU~dBRK*oODbIF9nBMOeuN)SQ_}&^4 zBlR8*ZQ}S`wIwrr!6vo3#8k2xdx@~P^&7%h1HjTDwqhLe+FYVi;rOV9Ygr!*lkcEd zk?clVnlo=-E?sqD!m4<6p&bAEMgq{B(7^oO<#%Sd*{OM$loSHo%a?}9epqU z20QOYLjCdoI}NDz+x)G6@A&KYh2CAkQq5=ECvnbI%b00m4rzU@x4+S-y{zO#BrXDfQTQ08V%DHs{%yRD|ftJkC+Go z7Vcuy&7a^=Lhq%KO{Bq_0uzK0nh6=f#n!|HEFbNRY3zxRUA~@ssSv{Bfpf-|>ObB* zU;Zn08WcC0jTnRnUu&pFyM>7*%n&+XlV23R$M|*K_Q8WWcoXin%%u?B^PfDVq;mN_ zzv32UP{E^FnpsL4K)S`o4~J!5ScT#vFj!)18sd|ba7Crx;N3qX=fh$0A`3`8$^8@z zoh4<3>&8V~J^T2(swg=|ftI;x&-Yt}0HT^}lj^mWJCS{tb)pB4RVFGDgOrw>JT4vK zM3X0@S`eOU3l3~4pCi7=yv=>jn>WFUZO%!G;X3RfWS+nnZdm}}ZJ<)Ei0x2%5yeIz z-6r6?iMD#Gn?e~cJMBIFO7Rh&!O}ebc#G1^LfX(9<`F1SS8UA7?XJvX@pEj`lK{I` zvr3-k#H2$VZgO-o#?fZYBiT`NBnW7r!;m@q5qbQDBKNU0}%UiZHP{|NWs_v<^W4r)$p+X9t%%s^Sh}a@c?QSdewc1P!VAr5aYv zUGoGZUD02?YxvVJ$N~Qs1%{@`^}$y^qg0;;q*u4kTEEZ=0Ut}CWm7N5AuB9!_ABK~ zyR>*X2|jjEhxj81sJroR+`1bACQ>&LYj=>Ko#W_8PB2?##Ae&&9iCAkKDaCAsz|x` z|6Y)zqIvs=mhV65u=yS#O=Xp(i5f!TXZtntR_K0ki(S8?&jcaum+6_Ydnis$(Zf#3 zQEgr@;(G2_vcvb#U*ev(E{W(S8cgx!^OI9wsdm9-jVVYo6r$%g3DRNw!H@M=>qd49 zXJ0BlT8M@j@F2o!yNRf3$2S9aP)Qm9uGon*2`k;RP!B&Bz;B8+xhpSFS63`io@r+)NZ`p z2rEgjB(o8rV8S^Htf0GEps)9&8H?I_z@f*g!8^@eLz530#XoU0_*X+E$>(6@gk>|nBfyUEaN<7bQTJ4yne8-M(2DUdeAc2IXnJAw+ z6pXCR4~_0uy=sFhhEiR+(xW|1-CcvPGVVXwIqwMSdnLJ4?}mNZhn^%J#k2+I5=uhX zA-{}YBk05naXX|EA%Gd2Pg|L39;ue3mJYtKMpZ~X_uX150r)GP%P3RQ4NL<{a z4)M$|4R9Xy^`d1NttvCyuW5&XG|SL%Nq?2L3;h4lSk!~|k6=cju7*lG;9s>miwQYY z>Zfj%V(+{P@1Ur?&xU?T2M5Mq?NiF=)|$}G-BbTEfd0`q1MB8>QGrkD$#vS+;c!e~ zM$8je7;1YFq59qQFDwscN|wzZxo%2~l(pr?QqRV&WyPv+$tl68Ru;*4#vAnps5@pq4v|kz4@ko9 zy4h-kv_ZvCSh*!qNfVxZef^O{?Fr8UZy6!K4`5Mi#@sqYg|giV{b@qbGcu)3-Ca~M zBgV{tW$GB~oZQF<#jTL| zdtsBzNTvoI&vFB!;nPUS?N4!&p*WsynZDb7X>$^Y>*Pa}<2XIfW#!u0fgnC$G5e)> zu{%J6H;#=(P+2rz_q*5=FS+q>>r}2EGSC!l(%xW)PP5+4?4b+%OyuqNH~ZVi#H!R?*>g7S4XH zdR^yZ&qd_|id40w-~n39D)(T?jfp3H?YKZ75mtmA2k|e+ZX$>dtg0!g+wWAc=Rw z0NZ*}msTObkeHJ~5XM;GB+Yws>~lqhG6>9wbLiNp^$rgBx^JZe@M!r{sp@tJm-L**./Vendor/MSFT/NetworkProxy** -

The root node for the NetworkProxy configuration service provider..

+The root node for the NetworkProxy configuration service provider..

+ +**ProxySettingsPerUser** +Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide; set to 1 for proxy configuratio per user. **AutoDetect** -

Automatically detect settings. If enabled, the system tries to find the path to a PAC script.

-

Valid values:

+Automatically detect settings. If enabled, the system tries to find the path to a PAC script.

+Valid values:

  • 0 - Disabled
  • 1 (default) - Enabled
-

The data type is int. Supported operations are Get and Replace.

+The data type is int. Supported operations are Get and Replace.

**SetupScriptUrl** -

Address to the PAC script you want to use.

-

The data type is string. Supported operations are Get and Replace.

+Address to the PAC script you want to use.

+The data type is string. Supported operations are Get and Replace.

**ProxyServer** -

Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.

-

Supported operation is Get.

+Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.

+Supported operation is Get.

**ProxyAddress** -

Address to the proxy server. Specify an address in the format <server>[“:”<port>]. 

-

The data type is string. Supported operations are Get and Replace.

+Address to the proxy server. Specify an address in the format <server>[“:”<port>]. 

+The data type is string. Supported operations are Get and Replace.

**Exceptions** -

Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries. 

-

The data type is string. Supported operations are Get and Replace.

+Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries. 

+The data type is string. Supported operations are Get and Replace.

**UseProxyForLocalAddresses** -

Specifies whether the proxy server should be used for local (intranet) addresses. 

-

Valid values:

+Specifies whether the proxy server should be used for local (intranet) addresses. 

+Valid values:

  • 0 (default) - Do not use proxy server for local addresses
  • 1 - Use proxy server for local addresses
-

The data type is int. Supported operations are Get and Replace.

+The data type is int. Supported operations are Get and Replace.

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 31bc357659..ade8803846 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1348,6 +1348,13 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • UntrustedCertificates
    • + +[NetworkProxy CSP](\networkproxy--csp.md) +

    Added the following node in Windows 10, version 1803:

    +
      +
    • ProxySettingsPerUser
      • +
    + @@ -1639,6 +1646,13 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[NetworkProxy CSP](\networkproxy--csp.md) +

    Added the following node in Windows 10, version 1803:

    +
      +
    • ProxySettingsPerUser
      • +
    + + [Policy CSP](policy-configuration-service-provider.md)

    Added the following new policies for Windows 10, version 1803: