If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
- If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+1. If your build fails, an error message shows up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory is shown.
- If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-
-
- - If you are done, select **Finish** to close the wizard and go back to the **Customizations Page**.
+ - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**.
1. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
- Shared network folder
-
- SharePoint site
-
- Removable media (USB/SD)
-
- Email
-**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+## Next steps
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 2f8bb266e1..a5e44cee63 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -2,7 +2,7 @@
title: Apply a provisioning package
description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
# Apply a provisioning package
@@ -13,22 +13,20 @@ Provisioning packages can be applied to a device during initial setup (out-of-bo
>
> - Applying a provisioning package to a desktop device requires administrator privileges on the device.
> - You can interrupt a long-running provisioning process by pressing ESC.
-
-> [!TIP]
-> In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
+> - In addition to the following methods, you can use the PowerShell cmdlet [Install-ProvisioningPackage](/powershell/module/provisioning/Install-ProvisioningPackage) with `-LogsDirectoryPath` to get logs for the operation.
## During initial setup
To apply a provisioning package from a USB drive during initial setup:
-1. Start with a device on the initial setup screen. If the device has gone past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
+1. Start with a device on the initial setup screen. If the device goes past this screen, reset the device to start over. To reset, go to **Settings** > **System** > [**Recovery**](ms-settings:recovery) > **Reset this PC**.
:::image type="content" source="images/oobe.png" alt-text="The first screen when setting up a new PC.":::
1. Insert the USB drive. If nothing happens when you insert the USB drive, press the Windows key five times.
- If there's only one provisioning package on the USB drive, the provisioning package is applied. See step 5.
- - If there's more than one provisioning package on the USB drive, Windows setup recognizes the drive and ask how you want to provision the device. Select **Install provisioning package** and select **Next**.
+ - If there's more than one provisioning package on the USB drive, Windows setup recognizes the drive and asks how you want to provision the device. Select **Install provisioning package** and select **Next**.
:::image type="content" source="images/provisioning-oobe-choice.png" alt-text="What would you like to do?":::
@@ -36,11 +34,11 @@ To apply a provisioning package from a USB drive during initial setup:
:::image type="content" source="images/provisioning-oobe-choose-package.png" alt-text="Choose a package.":::
-1. The selected provisioning package will install and apply to the device.
+1. The selected provisioning package is applied to the device.
:::image type="content" source="images/provisioning-oobe-installing.png" alt-text="Setting up your PC.":::
-1. Wait for the device to load and begin applying the provisioning package. Once you see "You can remove your removable media now!" you can remove your USB drive. Windows will continue provisioning the device.
+1. Wait for the device to load and begin applying the provisioning package. After you see "You can remove your removable media now!" you can remove your USB drive. Windows continues to provision the device.
## After initial setup
@@ -60,7 +58,7 @@ Provisioning packages can be applied after initial setup through Windows setting
:::image type="content" source="images/provisioning-runtime-add-package.png" alt-text="Select and add a package.":::
-1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the UAC prompt. Select **Yes**.
+1. Provisioning packages require administrator privileges as they can modify system policies and run scripts at the system level. Ensure you trust the package you're installing before accepting the User Account Control (UAC) prompt. Select **Yes**.
:::image type="content" source="images/provisioning-runtime-UAC.png" alt-text="Do you want to allow changes to your device?":::
@@ -83,16 +81,3 @@ To apply a provisioning package directly, such as from a USB drive, folder, netw
1. The provisioning runtime asks if the package is from a source you trust. Verify that you're applying the correct package and that it's trusted. Select **Yes, add it**.
:::image type="content" source="images/provisioning-runtime-trust.png" alt-text="Do you trust this package?":::
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 12a10ae502..5ff3a5cf1d 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,20 +1,17 @@
---
title: Windows Configuration Designer command line interface
-description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows10/11 client devices.
+description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command line interface for Windows devices.
ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
-# Windows Configuration Designer command line interface (reference)
+# Windows Configuration Designer command line interface
You can use the Windows Configuration Designer command line interface (CLI) to automate the building of provisioning packages.
- IT pros can use the Windows Configuration Designer CLI to require less retooling of existing processes. You must run the Windows Configuration Designer CLI from a command window with administrator privileges.
-
- You must use the Windows Configuration Designer CLI and edit the customizations.xml sources to create a provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows Configuration Designer CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
-
-
## Syntax
``` cmd
@@ -29,25 +26,9 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML:
Precede with `+` for encryption, or `-` for no encryption. The default is no encryption. |
| Overwrite | No | Denotes whether to overwrite an existing provisioning package. Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
-
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
-
-
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 0824710f19..b239dfb3d5 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,16 +1,14 @@
---
-title: Create a provisioning package
-description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
+title: Create a provisioning package (advanced)
+description: Learn how to create a provisioning package for Windows, which lets you quickly configure a device without having to install a new image.
ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
-# Create a provisioning package
+# Create a provisioning package (advanced)
You can use Windows Configuration Designer to create a provisioning package (`.ppkg`) that contains customization settings, and then apply the provisioning package to a device running Windows client.
->[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md)
-
> [!TIP]
> We recommend creating a local admin account when you develop and test your provisioning package. We also recommend using a *least privileged* domain user account to join devices to the Active Directory domain.
@@ -18,29 +16,14 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
1. Open Windows Configuration Designer: From either the Start menu or Start menu search, type **Windows Configuration Designer**, and then select the **Windows Configuration Designer** shortcut.
-1. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image:
+1. Select **Advanced provisioning** on the start page, which offers multiple options for creating a provisioning package, as shown in the following image:
- - The following wizard options provide a simple interface for configuring common settings for desktop and kiosk devices:
-
- - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
- - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
- - [Instructions for HoloLens wizard](/hololens/hololens-provisioning)
- - [Instructions for Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
-
- Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
-
-
- >[!NOTE]
- >To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
-
- - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
-
- >[!TIP]
- > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
- >
- > 
+ > [!TIP]
+ > You can start a project in the simple wizard editor and then switch the project to the advanced editor.
+ >
+ > 
1. Enter a name for your project, and then select **Next**.
@@ -48,7 +31,7 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
| Windows edition | Settings available for customization | Provisioning package can apply to |
|---|---|---|
- | All Windows editions | Common settings | All Windows client devices |
+ | All Windows editions | Common settings | All Windows client devices |
| All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows client desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) |
| Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices |
| Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](/hololens/hololens-provisioning) |
@@ -67,7 +50,10 @@ For an advanced provisioning project, Windows Configuration Designer opens the *
-The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](./how-it-pros-can-use-configuration-service-providers.md).
+The settings in Windows Configuration Designer are based on Windows client configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](how-it-pros-can-use-configuration-service-providers.md).
+
+> [!NOTE]
+> To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
The process for configuring settings is similar for all settings. The following table shows an example.
@@ -83,11 +69,11 @@ The process for configuring settings is similar for all settings. The following
:::image type="content" source="images/icd-step3.png" alt-text="In Windows Configuration Designer, enter a name for the certificate.":::
-1. Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and more settings are displayed:
+1. Some settings, such as this example, require additional information. In **Available customizations**, select the value you created, and more settings are displayed:
:::image type="content" source="images/icd-step4.png" alt-text="In Windows Configuration Designer, additional settings for client certificate are available.":::
-1. When the setting is configured, it is displayed in the **Selected customizations** pane:
+1. When the setting is configured, it's displayed in the **Selected customizations** pane:
:::image type="content" source="images/icd-step5.png" alt-text="In Windows Configuration Designer, the selected customizations pane shows your settings.":::
@@ -97,27 +83,26 @@ For details on each specific setting, see [Windows Provisioning settings referen
## Build package
-1. After you're done configuring your customizations, select **Export**, and then select **Provisioning Package**.
+1. After you configure your customizations, select **Export**, and then select **Provisioning Package**.
1. In the **Describe the provisioning package** window, enter the following information, and then select **Next**:
- - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
- - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field.
+ - **Name** - This field is prepopulated with the project name. You can change this value by entering a different name in the **Name** field.
+ - **Version (in Major.Minor format** - Optional. You can change the default package version by specifying a new value in the **Version** field.
- **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
- **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
1. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate, and then select **Next**. Both selections are optional:
- - **Encrypt package** - If you select this option, an autogenerated password will be shown on the screen.
- - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
+ - **Encrypt package** - If you select this option, an autogenerated password is shown on the screen.
+ - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by selecting **Select** and choosing the certificate you want to use to sign the package.
- >[!NOTE]
- >You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
-
- >
- >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
+ > [!NOTE]
+ > You should only configure provisioning package security when the package is used for device provisioning and when the package has content with sensitive security data, such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
+ >
+ > If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
1. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then select **Next**. By default, Windows Configuration Designer uses the project folder as the output location.
@@ -125,29 +110,17 @@ For details on each specific setting, see [Windows Provisioning settings referen
If you need to cancel the build, select **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations** page.
-1. If your build fails, an error message will appear that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+1. If your build fails, an error message appears that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
- If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+ If your build is successful, the name of the provisioning package, output directory, and project directory is shown.
If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, select **Back** to change the output package name and path, and then select **Next** to start another build.
-1. When you are done, select **Finish** to close the wizard and go back to the **Customizations** page.
+1. When you're done, select **Finish** to close the wizard and go back to the **Customizations** page.
-**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+## Next steps
-## Learn more
-
-- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about applying a provisioning package:
+>
+> [Apply a provisioning package](provisioning-apply-package.md)
\ No newline at end of file
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index 24c02a6557..ec61311214 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,13 +1,13 @@
---
-title: How provisioning works in Windows 10/11
+title: How provisioning works in Windows
description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
# How provisioning works in Windows
-Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from Microsoft Store.
+Provisioning packages in Windows client provide IT administrators with a simplified way to apply configuration settings to Windows client devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the Microsoft Store.
## Provisioning packages
@@ -30,15 +30,10 @@ You can use provisioning packages for runtime device provisioning by accessing
When multiple provisioning packages are available for device provisioning, the combination of package owner type and package rank level defined in the package manifest is used to resolve setting conflicts. The pre-defined package owner types are listed below in the order of lowest to highest owner type precedence:
1. Microsoft
-
1. Silicon Vendor
-
1. OEM
-
1. System Integrator
-
1. Mobile Operator
-
1. IT Admin
The valid value range of package rank level is 0 to 99.
@@ -130,16 +125,3 @@ When applying provisioning packages from a removable media attached to the devic
When applying multiple provisioning packages to a device, the provisioning engine resolves settings with conflicting configuration values from different packages by evaluating the package ranking using the combination of package owner type and package rank level defined in the package metadata. A configuration setting applied from a provisioning package with the highest package ranking will be the final value applied to the device.
After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 9b572cde75..8acca19051 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,15 +1,17 @@
---
title: Install Windows Configuration Designer
-description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows.
ms.topic: how-to
ms.reviewer: kevinsheehan
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
-# Install Windows Configuration Designer, and learn about any limitations
+# Install Windows Configuration Designer
Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily used by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
+On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
+
## Supported platforms
Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, Microsoft Surface Hub, and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems:
@@ -18,32 +20,22 @@ Windows Configuration Designer can create provisioning packages for Windows clie
- Windows 11
- Windows 10 - x86 and amd64
-- Windows 8.1 Update - x86 and amd64
-- Windows 8.1 - x86 and amd64
-- Windows 8 - x86 and amd64
-- Windows 7 - x86 and amd64
**Server OS**:
+- Windows Server 2022
+- Windows Server 2019
- Windows Server 2016
-- Windows Server 2012 R2 Update
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
->[!WARNING]
->You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
-
-## Install Windows Configuration Designer
-
-On devices running Windows client, you can install [the Windows Configuration Designer app](https://www.microsoft.com/store/apps/9nblggh4tx22) from the Microsoft Store.
+> [!WARNING]
+> You must run Windows Configuration Designer on Windows client to configure Microsoft Entra enrollment using any of the wizards.
## Current Windows Configuration Designer limitations
-- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-).
+- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-).
-- Windows Configuration Designer doesn't work properly when the Group Policy setting **Policies** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Zones: Use only machine settings** is enabled. When this policy is set, each step will display oversized buttons that fill the **Windows Configuration Designer** window. Additionally, the various options and descriptions that are normally to the right of the buttons won't be displayed because the buttons take up all of the space in the **Windows Configuration Designer** window. To resolve the problem, run Windows Configuration Designer on a device that doesn't have this policy enabled.
+- Windows Configuration Designer doesn't work properly when the Group Policy setting **Policies** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Zones: Use only machine settings** is enabled. When this policy is set, each step displays oversized buttons that fill the **Windows Configuration Designer** window. Additionally, the various options and descriptions that are normally to the right of the buttons aren't displayed because the buttons take up all of the space in the **Windows Configuration Designer** window. To resolve the problem, run Windows Configuration Designer on a device that doesn't have this policy enabled.
- You can only run one instance of Windows Configuration Designer on your computer at a time.
@@ -68,17 +60,10 @@ On devices running Windows client, you can install [the Windows Configuration De
- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer. Don't use external sources, like network shares or removable drives. Using local files reduces the risk of interrupting the build process from a network issue, or from disconnecting the USB device.
-**Next step**: [How to create a provisioning package](provisioning-create-package.md)
+## Next steps
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+> [!div class="nextstepaction"]
+> Learn more about creating a provisioning package:
+>
+> [Create a provisioning package (simple)](provision-pcs-for-initial-deployment.md)
+> [Create a provisioning package (advanced)](provisioning-create-package.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 6ecb125be7..01be2943f7 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -2,18 +2,18 @@
title: Create a provisioning package with multivariant settings
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.topic: how-to
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
# Create a provisioning package with multivariant settings
-In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese.
+In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that apply to devices set up for French and a different set of customization settings for devices set up for Japanese.
To provision multivariant settings, you use Windows Configuration Designer to create a provisioning package that contains all of the customization settings that you want to apply to any of your devices. Next, you manually edit the .XML file for that project to define each set of devices (a **Target**). For each **Target**, you specify at least one **Condition** with a value, which identifies the devices to receive the configuration. Finally, for each **Target**, you provide the customization settings to be applied to those devices.
Let's begin by learning how to define a **Target**.
-## Define a target
+## Target
In the XML file, you provide an **Id**, or friendly name, for each **Target**. Each **Target** is defined by at least one **TargetState** which contains at least one **Condition**. A **Condition** element defines the matching type between the condition and the specified value.
@@ -43,9 +43,9 @@ The following table shows the conditions supported in Windows client provisionin
| PNN | P0 | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
| GID1 | P0 | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
| ICCID | P0 | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
-| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). |
-| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:- 0 - Empty- 1 - Ready- 2 - Locked |
-| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:- 0 - Slot 0- 1 - Slot 1 |
+| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (nonroaming). |
+| UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of these values:
0 - Empty
1 - Ready
2 - Locked |
+| UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of these values:
0 - Slot 0
1 - Slot 1 |
| ProcessorType | P1 | Supported | String | Use to target settings based on the processor type. |
| ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. |
| AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
@@ -53,17 +53,16 @@ The following table shows the conditions supported in Windows client provisionin
| SocIdentifier | P1 | Supported | String | Use to target settings based on the Soc Identifier. Available since 25301 OS build version. |
| Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
| Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
-| Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
-| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639). |
+| Region | P1 | Supported | Enumeration | Use to target settings based on region, using the two digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
+| Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the two digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639). |
The matching types supported in Windows client are:
-| Matching type | Syntax | Example |
-| --- | --- | --- |
-| Straight match | Matching type is specified as-is | <Condition Name="ProcessorName" Value="Barton" /> |
-| Regular expression (Regex) match | Matching type is prefixed by "Pattern:" | <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> |
-| Numeric range match | Matching type is prefixed by "!Range:" | <Condition Name="MNC" Value="!Range:400, 550" /> |
-
+| Matching type | Syntax | Example |
+|-----------------------------------|-------------------------------------------|------------------------------------------------------------------------|
+| Straight match | Matching type is specified as-is | `<Condition Name="ProcessorName" Value="Barton" />` |
+| Regular expressions (Regex) match | Matching type is prefixed with `Pattern:` | `<Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" />` |
+| Numeric range match | Matching type is prefixed with `!Range:` | `<Condition Name="MNC" Value="!Range:400, 550" />` |
### TargetState priorities
@@ -76,27 +75,18 @@ Settings that match more than one **TargetState** with equal priority are applie
The **TargetState** priority is assigned based on the condition's priority (see the [Conditions table](#conditions) for priorities). The priority evaluation rules are as followed:
1. A **TargetState** with P0 conditions is higher than a **TargetState** without P0 conditions.
-
1. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions.
-
1. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched.
-
-1. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
-
+1. If the number of P0 conditions matched is equivalent, then the **TargetState** with the most matched P1 conditions has higher priority.
1. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority.
-
-
## Create a provisioning package with multivariant settings
Follow these steps to create a provisioning package with multivariant capabilities.
1. Build a provisioning package and configure the customizations you want to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
-
-1. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
-
+1. After you [configure the settings](provisioning-create-package.md#configure-settings), save the project.
1. Open the project folder and copy the customizations.xml file to any local location.
-
1. Use an XML or text editor to open the customizations.xml file.
The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The **Customizations** node of the file contains a **Common** section, which contains the customization settings.
@@ -131,10 +121,9 @@ Follow these steps to create a provisioning package with multivariant capabiliti
```
-1. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings.
-
- The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
+1. Edit the customizations.xml file to create a **Targets** section to describe the conditions that handle your multivariant settings.
+ The following example shows the customizations.xml, which is modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
```XML
@@ -185,18 +174,15 @@ Follow these steps to create a provisioning package with multivariant capabiliti
1. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
a. Define a child **TargetRefs** element.
-
-
b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings.
-
c. Move compliant settings from the **Common** section to the **Variant** section.
If any of the **TargetRef** elements matches the **Target**, all settings in the **Variant** are applied.
- >[!NOTE]
- >You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
+ > [!NOTE]
+ > You can define multiple **Variant** sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
- The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
+ The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that are applied if the conditions for the variant are met.
```XML
@@ -249,10 +235,9 @@ Follow these steps to create a provisioning package with multivariant capabiliti
-
```
-1. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.
+1. Save the updated customizations.xml file and note the path to this updated file. You'll need the path as one of the values for the next step.
1. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml.
@@ -262,13 +247,10 @@ Follow these steps to create a provisioning package with multivariant capabiliti
icd.exe /Build-ProvisioningPackage /CustomizationXML:"C:\CustomProject\customizations.xml" /PackagePath:"C:\CustomProject\output.ppkg" /StoreFile:C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\Microsoft-Common-Provisioning.dat"
```
+In this example, the **StoreFile** corresponds to the location of the settings store that is used to create the package for the required Windows edition.
-In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition.
-
->[!NOTE]
->The provisioning package created during this step will contain the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
-
-
+> [!NOTE]
+> The provisioning package created during this step contains the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
## Events that trigger provisioning
@@ -276,26 +258,11 @@ When you install the multivariant provisioning package on a Windows client devic
The following events trigger provisioning on Windows client devices:
-| Event | Windows client for desktop editions |
-| --- | --- |
-| System boot | Supported |
-| Operating system update | Planned |
-| Package installation during device first run experience | Supported |
-| Detection of SIM presence or update | Supported |
-| Package installation at runtime | Supported |
-| Roaming detected | Not supported |
-
-
-## Related articles
-
-- [Provisioning packages for Windows client](provisioning-packages.md)
-- [How provisioning works in Windows client](provisioning-how-it-works.md)
-- [Install Windows Configuration Designer](provisioning-install-icd.md)
-- [Create a provisioning package](provisioning-create-package.md)
-- [Apply a provisioning package](provisioning-apply-package.md)
-- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
-- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
-- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
-- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md)
-- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md)
-
+| Event | Windows client for desktop editions |
+|---------------------------------------------------------|-------------------------------------|
+| System boot | Supported |
+| Operating system update | Planned |
+| Package installation during device first run experience | Supported |
+| Detection of SIM presence or update | Supported |
+| Package installation at runtime | Supported |
+| Roaming detected | Not supported |
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index 050fc24beb..a226b877f3 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -1,9 +1,9 @@
---
title: Provisioning packages overview
-description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
+description: With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages are and what they do.
ms.reviewer: kevinsheehan
ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 07/08/2024
---
# Provisioning packages for Windows
@@ -12,29 +12,17 @@ Windows provisioning makes it easy for IT administrators to configure end-user d
A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
-Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization.
-
-
+Provisioning packages are simple enough that with a short set of written instructions, a student, or nontechnical users can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization.
Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
-
-
-
-
-
-
-
-
-
-
## Benefits of provisioning packages
Provisioning packages let you:
- Quickly configure a new device without going through the process of installing a new image.
- Save time by configuring multiple devices using one provisioning package.
-- Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure.
+- Quickly configure user-owned devices in an organization without a mobile device management (MDM) infrastructure.
- Set up a device without the device having network connectivity.
Provisioning packages can be:
@@ -44,57 +32,7 @@ Provisioning packages can be:
- Downloaded from a network share.
- Deployed in NFC tags or barcodes.
-## What you can configure
-
-### Configuration Designer wizards
-
-The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
-
-| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
-| --- | --- | --- | --- | --- |
-| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✅ | ✅ | ✅ |
-| Set up network | Connect to a Wi-Fi network | ✅ | ✅ | ✅ |
-| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✅ | ✅ | ✅ |
-| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token [Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✅ | ✅ | ✅ |
-| Add applications | Install applications using the provisioning package. | ✅ | ✅ | ❌ |
-| Add certificates | Include a certificate file in the provisioning package. | ✅ | ✅ | ✅ |
-| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✅ | ❌ |
-| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✅ | ❌ |
-| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✅ |
-
-- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
-- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
-- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
-
->[!NOTE]
->After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
-
-### Configuration Designer advanced editor
-
-The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
-
-| Customization options | Examples |
-|---|---|
-| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
-| Applications | Windows apps, line-of-business applications |
-| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service
Using a provisioning package for auto-enrollment to Microsoft Intune isn't supported. To enroll devices, use the Configuration Manager console. |
-| Certificates | Root certification authority (CA), client certificates |
-| Connectivity profiles | Wi-Fi, proxy settings, Email |
-| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings |
-| Data assets | Documents, music, videos, pictures |
-| Start menu customization | Start menu layout, application pinning |
-| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on |
-
-For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
-
-
-
-
-
-
-WCD, simplified common provisioning scenarios.
-
-:::image type="content" source="images/icd.png" alt-text="Configuration Designer options":::
+## Provisioning scenarios
WCD supports the following scenarios for IT administrators:
@@ -111,8 +49,54 @@ WCD supports the following scenarios for IT administrators:
- MobileIron (password-string based enrollment)
- Other MDMs (cert-based enrollment)
-
-
+> [!NOTE]
+> The Provision school devices wizard is removed from Windows Configuration Designer. Instead, use the [Setup School PCs app](https://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) from the Microsoft Store.
+
+:::image type="content" source="images/icd.png" alt-text="Configuration Designer options":::
+
+## What you can configure
+
+Windows Configuration Designer provides the following simple provisioning scenarios:
+
+- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
+- [Instructions for the kiosk wizard](../assigned-access/overview.md)
+- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#provisioning-package-hololens-wizard)
+- [Instructions for the Surface Hub wizard](/surface-hub/provisioning-packages-for-surface-hub)
+
+The following table describes settings that you can configure using the wizards in Windows Configuration Designer to create provisioning packages.
+
+| Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
+| --- | --- | --- | --- | --- |
+| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove preinstalled software | ✅ | ✅ | ✅ |
+| Set up network | Connect to a Wi-Fi network | ✅ | ✅ | ✅ |
+| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✅ | ✅ | ✅ |
+| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token [Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✅ | ✅ | ✅ |
+| Add applications | Install applications using the provisioning package. | ✅ | ✅ | ❌ |
+| Add certificates | Include a certificate file in the provisioning package. | ✅ | ✅ | ✅ |
+| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✅ | ❌ |
+| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✅ | ❌ |
+| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✅ |
+
+> [!TIP]
+> After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package.
+
+## Configuration Designer advanced editor
+
+The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages.
+
+| Customization options | Examples |
+|---|---|
+| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters |
+| Applications | Windows apps, line-of-business applications |
+| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service
Using a provisioning package for autoenrollment to Microsoft Intune isn't supported. To enroll devices, use the Configuration Manager console. |
+| Certificates | Root certification authority (CA), client certificates |
+| Connectivity profiles | Wi-Fi, proxy settings, Email |
+| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings |
+| Data assets | Documents, music, videos, pictures |
+| Start menu customization | Start menu layout, application pinning |
+| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on |
+
+For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index e5e7ea6019..d8292d3413 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,17 +1,14 @@
---
-title: PowerShell cmdlets for provisioning Windows 10/11
-description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
+title: PowerShell cmdlets for provisioning packages in Windows
+description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows devices.
ms.topic: conceptual
-
-ms.date: 12/31/2017
+ms.date: 07/09/2024
---
-# PowerShell cmdlets for provisioning Windows client (reference)
+# PowerShell cmdlets for provisioning Windows client
Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions.
-## cmdlets
-
- **Add-ProvisioningPackage**: Applies a provisioning package.
Syntax:
@@ -59,7 +56,7 @@ Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it e
- `Uninstall-TrustedProvisioningCertificate