diff --git a/windows/configuration/assigned-access/assigned-access-configuration-file.md b/windows/configuration/assigned-access/assigned-access-configuration-file.md index 5681aa7c81..a62b40eb0c 100644 --- a/windows/configuration/assigned-access/assigned-access-configuration-file.md +++ b/windows/configuration/assigned-access/assigned-access-configuration-file.md @@ -35,6 +35,7 @@ You can start your file by pasting the following XML code into a text editor, an + diff --git a/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md b/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md index d2d0c81c3e..cc58824f3d 100644 --- a/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md +++ b/windows/configuration/assigned-access/assigned-access-quickstart-restricted-experience.md @@ -36,19 +36,8 @@ The examples can be modified to fit your specific requirements. For example, you > > When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires *DeviceManagementConfiguration.ReadWrite.All* permissions. - - [!INCLUDE [assigned-access-quickstart-restricted-experience-intune.md](includes/assigned-access-quickstart-restricted-experience-intune.md)] - [!INCLUDE [intune-custom-settings-2](../../../includes/configure/intune-custom-settings-2.md)] Alternatively, you can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3]. @@ -56,13 +45,7 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the - **Setting:** `./Vendor/MSFT/AssignedAccess/Configuration` - **Value:** -::: zone pivot="windows-11" -[!INCLUDE [assigned-access-quickstart-restricted-experience-xml-11.md](includes/assigned-access-quickstart-restricted-experience-xml-11.md)] -::: zone-end - -::: zone pivot="windows-10" -[!INCLUDE [assigned-access-quickstart-restricted-experience-xml-10.md](includes/assigned-access-quickstart-restricted-experience-xml-10.md)] -::: zone-end +[!INCLUDE [assigned-access-quickstart-restricted-experience-xml.md](includes/assigned-access-quickstart-restricted-experience-xml.md)] #### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) @@ -71,13 +54,7 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the - **Path:** `AssignedAccess/MultiAppAssignedAccessSettings` - **Value:** -::: zone pivot="windows-11" -[!INCLUDE [assigned-access-quickstart-restricted-experience-xml-11.md](includes/assigned-access-quickstart-restricted-experience-xml-11.md)] -::: zone-end - -::: zone pivot="windows-10" -[!INCLUDE [assigned-access-quickstart-restricted-experience-xml-10.md](includes/assigned-access-quickstart-restricted-experience-xml-10.md)] -::: zone-end +[!INCLUDE [assigned-access-quickstart-restricted-experience-xml.md](includes/assigned-access-quickstart-restricted-experience-xml.md)] [!INCLUDE [provisioning-package-2](../../../includes/configure/provisioning-package-2.md)] @@ -85,13 +62,7 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the [!INCLUDE [powershell-wmi-bridge-1](../../../includes/configure/powershell-wmi-bridge-1.md)] -::: zone pivot="windows-11" -[!INCLUDE [assigned-access-quickstart-restricted-experience-ps-11.md](includes/assigned-access-quickstart-restricted-experience-ps-11.md)] -::: zone-end - -::: zone pivot="windows-10" -[!INCLUDE [assigned-access-quickstart-restricted-experience-ps-10.md](includes/assigned-access-quickstart-restricted-experience-ps-10.md)] -::: zone-end +[!INCLUDE [assigned-access-quickstart-restricted-experience-ps.md](includes/assigned-access-quickstart-restricted-experience-ps.md)] [!INCLUDE [powershell-wmi-bridge-2](../../../includes/configure/powershell-wmi-bridge-2.md)] diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-10.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-10.md deleted file mode 100644 index 24c674fcd1..0000000000 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-10.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 02/05/2024 -ms.topic: include ---- - -```msgraph-interactive -POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations -Content-Type: application/json - -{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 10", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n ]]>\n \n \n \n \n \n \n \n \n \n \n" } ] } -``` diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-11.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-11.md deleted file mode 100644 index fa89d14b4b..0000000000 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-intune-11.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 02/05/2024 -ms.topic: include ---- - -```msgraph-interactive -POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations -Content-Type: application/json - -{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 11", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] } -``` \ No newline at end of file diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-11.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-11.md deleted file mode 100644 index 63d7e42d6e..0000000000 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-11.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 02/05/2024 -ms.topic: include ---- - -```powershell -$assignedAccessConfiguration = @" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"@ - -$eventLogFilterHashTable = @{ - ProviderName = "Microsoft-Windows-AssignedAccess"; - StartTime = Get-Date -Millisecond 0 -} - -$namespaceName="root\cimv2\mdm\dmmap" -$className="MDM_AssignedAccess" -$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration) -$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue -if($cimSetError) { - Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n" - Write-Error -ErrorRecord $cimSetError[0] - - $timeout = New-TimeSpan -Seconds 30 - $stopwatch = [System.Diagnostics.Stopwatch]::StartNew() - do{ - $events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore - } until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available - - if($events.Count) { - $events | ForEach-Object { - Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")" - } - } else { - Write-Warning "Timed-out attempting to retrieve event logs..." - } - - Exit 1 -} - -Write-Output "Successfully applied Assigned Access configuration" -``` \ No newline at end of file diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-10.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps.md similarity index 56% rename from windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-10.md rename to windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps.md index b6747b82fa..59fb999668 100644 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps-10.md +++ b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-ps.md @@ -5,6 +5,8 @@ ms.date: 02/05/2024 ms.topic: include --- +::: zone pivot="windows-10" + ```powershell $assignedAccessConfiguration = @" @@ -98,4 +100,98 @@ if($cimSetError) { } Write-Output "Successfully applied Assigned Access configuration" -``` \ No newline at end of file +``` + + +::: zone-end + +::: zone pivot="windows-11" + +```powershell +$assignedAccessConfiguration = @" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +"@ + +$eventLogFilterHashTable = @{ + ProviderName = "Microsoft-Windows-AssignedAccess"; + StartTime = Get-Date -Millisecond 0 +} + +$namespaceName="root\cimv2\mdm\dmmap" +$className="MDM_AssignedAccess" +$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className +$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration) +$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue +if($cimSetError) { + Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n" + Write-Error -ErrorRecord $cimSetError[0] + + $timeout = New-TimeSpan -Seconds 30 + $stopwatch = [System.Diagnostics.Stopwatch]::StartNew() + do{ + $events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore + } until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available + + if($events.Count) { + $events | ForEach-Object { + Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")" + } + } else { + Write-Warning "Timed-out attempting to retrieve event logs..." + } + + Exit 1 +} + +Write-Output "Successfully applied Assigned Access configuration" +``` + +::: zone-end \ No newline at end of file diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-11.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-11.md deleted file mode 100644 index 7aace4d399..0000000000 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-11.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 02/05/2024 -ms.topic: include ---- - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` diff --git a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-10.md b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml.md similarity index 58% rename from windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-10.md rename to windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml.md index 33c7a95b9f..4fc52f00bf 100644 --- a/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml-10.md +++ b/windows/configuration/assigned-access/includes/assigned-access-quickstart-restricted-experience-xml.md @@ -5,6 +5,8 @@ ms.date: 02/05/2024 ms.topic: include --- +::: zone pivot="windows-10" + ```xml ``` + +::: zone-end + +::: zone pivot="windows-11" + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +::: zone-end