diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn index a3a07ef4f2..64354d7a64 100644 --- a/.acrolinx-config.edn +++ b/.acrolinx-config.edn @@ -1,4 +1,4 @@ -{:allowed-branchname-matches ["master"] +{:allowed-branchname-matches ["master" "main"] :allowed-filename-matches ["windows/"] :targets @@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology: -| Article | Score | Issues | Scorecard | Processed | -| ------- | ----- | ------ | --------- | --------- | +| Article | Score | Issues | Spelling
issues | Scorecard | Processed | +| ------- | ----- | ------ | ------ | --------- | --------- | " :template-change - "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} | + "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} | " :template-footer diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1965f039f3..f505c1d9de 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -1,5 +1,105 @@
 {
 "redirections": [
+ {
+ "source_path": "windows/client-management/mdm/browserfavorite-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/remotelock-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/registry-ddf-file.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/registry-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/maps-ddf-file.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/maps-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/hotspot-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/filesystem-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseext-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_document_id": false
+ },
 {
 "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
 "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
@@ -5072,7 +5172,7 @@
 },
 {
 "source_path": "windows/device-security/windows-10-mobile-security-guide.md",
- "redirect_url": "/windows/security/threat-protection/windows-10-mobile-security-guide",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
 "redirect_document_id": false
 },
 {
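Review bot: The 20 entries added at the top of `redirections` can leave two-hop redirect chains, because only the security-guide and digital-certificate pages have their older entries retargeted in the later hunks of this file; whether older entries still point at the 18 `windows/client-management/mdm/...` pages retired here (for example `/windows/client-management/mdm/registry-csp`) is not visible in the diff. Any such entry should get the final target directly, as the later hunks do: `"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5"`. The two `EnterpriseExtFileSystem-*.md` paths are mixed-case while every other new `source_path` is lower-case, so it is worth confirming they match the file names on disk in case path matching is case-sensitive.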
@@ -5377,7 +5477,7 @@
 },
 {
 "source_path": "windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md",
- "redirect_url": "/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
 "redirect_document_id": false
 },
 {
@@ -11987,7 +12087,7 @@
 },
 {
 "source_path": "windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md",
- "redirect_url": "/windows/access-protection/installing-digital-certificates-on-windows-10-mobile",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
 "redirect_document_id": false
 },
 {
@@ -13477,7 +13577,7 @@
 },
 {
 "source_path": "windows/keep-secure/windows-10-mobile-security-guide.md",
- "redirect_url": "/windows/device-security/windows-10-mobile-security-guide",
+ "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
 "redirect_document_id": false
 },
 {
@@ -16411,7 +16511,7 @@
 "redirect_document_id": false
 },
 {
- "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
 "redirect_url": "/microsoft-365/security/defender-endpoint/gov",
 "redirect_document_id": false
 },
@@ -19198,10 +19298,14 @@ }, { - "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", - "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", - "redirect_document_id": true + "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md", + "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools", + "redirect_document_id": true + }, + { + "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md", + "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell", + "redirect_document_id": false } - - ] + ] } diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml index 0b2aef014b..0f970282ed 100644 --- a/browsers/edge/group-policies/index.yml +++ b/browsers/edge/group-policies/index.yml @@ -9,7 +9,7 @@ metadata: keywords: Microsoft Edge Legacy, Windows 10 ms.localizationpriority: medium ms.prod: edge - author: shortpatti + author: dougeby ms.author: pashort ms.topic: landing-page ms.devlang: na diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml index 04b23cd56e..accbb0e679 100644 --- a/browsers/edge/index.yml +++ b/browsers/edge/index.yml @@ -11,7 +11,7 @@ metadata: ms.localizationpriority: medium ms.topic: landing-page # Required ms.collection: collection # Optional; Remove if no collection is used. - author: shortpatti #Required; your GitHub user alias, with correct capitalization. + author: dougeby #Required; your GitHub user alias, with correct capitalization. ms.author: pashort #Required; microsoft alias of author; optional team alias. ms.date: 07/07/2020 #Required; mm/dd/yyyy format. diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 96038bd4ce..bfb48a3544 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml 
@@ -62,7 +62,7 @@ sections: - question: Will Internet Explorer 11 continue to receive updates? answer: | - We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. + We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - question: How do I find out which version of Microsoft Edge I have? answer: | diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index a285c99103..ca1542a952 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -14,9 +14,7 @@ ms.author: dansimp [!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)] -Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
+Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) -

- Full-sized flowchart detailing how document modes are chosen in IE11 -

+:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png"::: diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md index 66b29a20c4..58a2d5298b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md +++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md @@ -36,11 +36,4 @@ Use the topics in this section to learn about how to auto detect your settings, |------|------------| |[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. | |[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. | -|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |  - - - - - - - +|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. | diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml index b025aa3409..4f545f92d9 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml @@ -24,9 +24,6 @@ summary: | sections: - name: Ignored questions: - - question: | - Frequently Asked Questions - answer: | - question: | What operating system does IE11 run on? answer: | 
@@ -250,4 +247,4 @@ additionalContent: | - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) - - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) \ No newline at end of file + - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 6aa0242523..68b6be4505 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -31,7 +31,7 @@ landingContent: - text: Use Enterprise Mode to improve compatibility url: /microsoft-edge/deploy/emie-to-improve-compatibility - text: Lifecycle FAQ - Internet Explorer - url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer + url: /lifecycle/faq/internet-explorer-microsoft-edge - linkListType: download links: - text: Download IE11 with Windows 10 @@ -123,7 +123,7 @@ landingContent: - text: Group Policy preferences for IE11 url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md - text: Configure Group Policy preferences - url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2 + url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings - text: Blocked out-of-date ActiveX controls url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md - text: Out-of-date ActiveX control blocking diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml index 50862d688d..f7f8874d78 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml 
@@ -148,7 +148,7 @@ sections: - question: | Where to find Internet Explorer security zones registry entries answer: | - Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). + Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries). This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11. @@ -193,7 +193,7 @@ sections: answer: | Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed. - For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer). + For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge). - question: | How to configure TLS (SSL) for Internet Explorer diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 227cfc8a46..1c5a8d3904 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md 
@@ -2,6 +2,24 @@ +## Week of December 13, 2021 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 12/13/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified | +| 12/13/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified | + + +## Week of November 29, 2021 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added | +| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added | + + ## Week of November 15, 2021 @@ -12,13 +30,3 @@ | 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | | 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | | 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | - - -## Week of October 25, 2021 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | -| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified | diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml index 6571e40f23..3a592b8263 100644 --- a/education/windows/TOC.yml +++ b/education/windows/TOC.yml @@ -1,3 +1,9 @@ +- name: Windows 11 SE for Education + items: + - name: Overview + href: windows-11-se-overview.md + - name: Settings and CSP list + href: windows-11-se-settings-list.md - name: Windows 10 for Education href: index.md items: 
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
new file mode 100644
index 0000000000..32f5f7795d
--- /dev/null
+++ b/education/windows/windows-11-se-overview.md
@@ -0,0 +1,111 @@ +--- +title: What is Windows 11 SE +description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education. +ms.reviewer: +manager: dougeby +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: mandia +author: MandiOhlinger +ms.localizationpriority: medium +ms.topic: article +--- + +# Windows 11 SE for Education + +**Applies to**: + +- Windows 11 SE +- Microsoft Intune for Education + +Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately). + +For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits: + +- A simplified and secure experience for students. Student privacy is prioritized. +- Admins remotely manage Windows 11 SE devices using [Microsoft Intune for Education](/intune-education/what-is-intune-for-education). +- It's built for low-cost devices. +- It has a curated app experience, and is designed to only run essential education apps. + +## Get Windows 11 SE + +Windows 11 SE is only available preinstalled on devices from OEMs. The OEM installs Windows 11 SE, and makes the devices available for you to purchase. For example, you'll be able to purchase Microsoft Surface devices with Windows 11 SE already installed. + +## Available apps + +Windows 11 SE comes with some preinstalled apps. The following apps can also run on Windows 11 SE, and are deployed using the [Intune for Education portal](https://intuneeducation.portal.azure.com). For more information, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview). 
+ +--- +| Application | Min version | Vendor | +| --- | --- | --- | +| Chrome | 95.0.4638.54 | Google | +| Dragon Assistant | 3.2.98.061 | Nuance Communications | +| Dragon Professional Individual | 15.00.100 | Nuance Communications | +| e-Speaking Voice and Speech recognition | 4.4.0.8 | e-speaking | +| Free NaturalReader | 16.1.2 | Natural Soft | +| Jaws for Windows | 2022.2109.84 ILM | Freedom Scientific | +| Kite Student Portal | 8.0.1 | Dynamic Learning Maps | +| NextUp Talker | 1.0.49 | NextUp Technologies, LLC. | +| NonVisual Desktop Access | 2021.2 | NV Access | +| Read and Write | 12.0.71 | Texthelp Systems Ltd. | +| SuperNova Magnifier & Screen Reader | 20.03 | Dolphin Computer Access | +| SuperNova Magnifier & Speech | 20.03 | Dolphin Computer Access | +| Text Aloud | 4.0.64 | Nextup.com | +| Zoom | 5.8.3 (1581) | Zoom Inc | +| Zoomtext Fusion by AiSquared | 2022.2109.10 | ORF Fusion | +| ZoomText Magnifier/Reader | 2022.2109.25ILM | AI Squared | + +--- + +### Enabled apps + +| App type | Enabled | +| --- | --- | +| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. | +| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.

✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). | + +### Add your own apps + +If the apps you need aren't shown in the [available apps list](#available-apps) (in this article), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account. + +Microsoft reviews every app request to make sure each app meets the following requirements: + +- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more. + +- Apps must be in one of the following app categories:​ + - Content Filtering apps​ + - Test Taking solutions​ + - Assistive technologies + - Classroom communication apps​ + - Essential diagnostics, management, and supportability apps + +- Apps must meet the performance [requirements of Windows 11](/windows/whats-new/windows-11-requirements). + +- Apps must meet the following security requirements: + - All app binaries are code-signed​. + - All files include the `OriginalFileName` in the resource file header​. + - All kernel drivers are WHQL-signed. + +- Apps don't have an equivalent web application​. + +- Apps can't invoke any processes that can be used to jailbreak a device, automate jailbreaks, or present a security risk. For example, processes such as Reg.exe, CBE.exe, CMD.exe, and KD.exe are blocked on Windows 11 SE. + +If the app meets the requirements, Microsoft works with the Independent Software Vendor (ISV) to test the app, and make sure the app works as expected on Windows 11 SE. + +When the app is ready, Microsoft will update you. 
Then, you add the app to the [Intune for Education portal](https://intuneeducation.portal.azure.com), and [assign](/intune-education/assign-apps) it to your Windows 11 SE devices. + +For more information on Intune requirements for adding education apps, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview). + +### 0x87D300D9 error with an app + +When you deploy an app using Intune for Education, you may get a `0x87D300D9` error code with a `Failed` state in the [Intune for Education portal](https://intuneeducation.portal.azure.com). If you have an app that fails with this error, then: + +- Make sure the app is on the [available apps list](#available-apps) (in this article). Or, make sure your app is [approved for Windows 11 SE](#add-your-own-apps) (in this article). +- If the app is approved, then it's possible the app is packaged wrong. For more information, see [Add your own apps](#add-your-own-apps) (in this article) and [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview). +- If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own apps](#add-your-own-apps) (in this article). Or, use an app that runs in a web browser, such as a web app or PWA. + +## Related articles + +- [Use Intune for Education to manage devices running Windows 11 SE](/intune-education/windows-11-se-overview) diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md new file mode 100644 index 0000000000..4de2367a08 --- /dev/null +++ b/education/windows/windows-11-se-settings-list.md 
@@ -0,0 +1,106 @@ +--- +title: Windows 11 SE settings list +description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change. +ms.reviewer: +manager: dougeby +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: mandia +author: MandiOhlinger +ms.localizationpriority: medium +ms.topic: article +--- + +# Windows 11 SE for Education settings list + +**Applies to**: + +- Windows 11 SE +- Microsoft Intune for Education + +Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings. + +This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). + +## Settings that can be changed + +The following table lists and describes the settings that can be changed by administrators. + +| Setting | Description | +| --- | --- | +| Block manual unenrollment | Default: Blocked

Users can't unenroll their devices from device management services.

[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)| +| Allow option to Show Network | Default: Allowed

Gives users the option to see the **Show Network** folder in File Explorer. | +| Allow option to Show This PC | Default: Allowed

Gives user the option to see the **Show This PC** folder in File Explorer. | +| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads

Gives user access to these folders. | +| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives

Blocks user access to these storage locations. | +| Allow News and Interests | Default: Hide

Hides Widgets. | +| Disable advertising ID | Default: Disabled

Blocks apps from using usage data to tailor advertisements.

[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | +| Visible settings pages | Default:

| +| Enable App Install Control | Default: Turned On

Users can’t download apps from the internet.

[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| +| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days

If a file hasn’t been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.

[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | +| Allow Telemetry | Default: Required Telemetry Only

Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.

[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | +| Allow Experimentation | Default: Disabled

Microsoft can't experiment with the product to study user preferences or device behavior.

[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | +| Block external extensions | Default: Blocked

In Microsoft Edge, users can't install external extensions.

[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)| +| Configure new tab page | Default: `Office.com`

In Microsoft Edge, the new tab page defaults to `office.com`.

[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)| +| Configure homepage | Default: `Office.com`

In Microsoft Edge, the homepage defaults to `office.com`.

[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)| +| Prevent SmartScreen prompt override | Default: Enabled

In Microsoft Edge, users can't override Windows Defender SmartScreen warnings.

[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)| + +## Settings that can't be changed + +The following settings can't be changed. + +| Category | Description | +| --- | --- | +| Visible Folders in File Explorer | By default, the Desktop, Downloads, Documents, and Pictures folders are visible to users in File Explorer. Users can make other folders, like **This PC**, visible in **View** > **Options**. | +| Launch Windows Maximized | All Windows are opened in the maximized view. | +| Windows Snapping | Windows snapping is limited to two Windows. | +| Allowed Account Types | Microsoft accounts and Azure AD accounts are allowed. | +| Virtual Desktops | Virtual Desktops are blocked. | +| Microsoft Store | The Microsoft Store is blocked. | +| Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. | +| Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). | + +## What's available in the Settings app + +On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown. + +- Accessibility + +- Accounts + - Email & accounts + +- Apps + +- Bluetooth & devices + - Bluetooth + - Printers & scanners + - Mouse + - Touchpad + - Typing + - Pen + - AutoPlay + +- Network & internet + - WiFi + - VPN + +- Personalization + - Taskbar + +- Privacy & security + +- System + - Display + - Notifications + - Tablet mode + - Multitasking + - Projecting to this PC + +- Time & Language + - Language & region + +## Next steps + +[Windows 11 SE for Education overview](windows-11-se-overview.md) 
diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 50f1527699..67a2d8f5cb 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -34,7 +34,7 @@ In this walkthrough, we'll show you how to deploy and manage a full cloud IT sol - Create policies and app deployment rules - Log in as a user and start using your Windows device -Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business. +Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business. ## Prerequisites 
@@ -50,16 +50,17 @@ Here's a few things to keep in mind before you get started: To set up a cloud infrastructure for your organization, follow the steps in this section. ### 1.1 Set up Office 365 for business -See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: + +See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to: - Plan your setup - Create Office 365 accounts and how to add your domain. - Install Office -To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business. +To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365). If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started: -1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**. +1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**. **Figure 1** - Try or buy Office 365 
@@ -68,7 +69,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you 2. Fill out the sign up form and provide information about you and your company. 3. Create a user ID and password to use to sign into your account. - This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal). 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. 5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center. @@ -78,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 2** - Microsoft 365 admin center - ![Opens the Microsoft 365 admin center.](images/office365_portal.png) + :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png"::: 6. Select the **Admin** tile to go to the admin center. 
@@ -88,22 +89,22 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 3** - Admin center - ![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png) + :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png"::: -8. Go back to the admin center to add or buy a domain. +8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain. 1. Select the **Domains** option. **Figure 4** - Option to add or buy a domain - ![Add or buy a domain in admin center.](images/office365_buy_domain.png) + :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png"::: 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`. **Figure 5** - Microsoft-provided domain - ![Microsoft-provided domain.](images/office365_ms_provided_domain.png) + :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png"::: - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. 
@@ -112,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 6** - Domains - ![Verify your domains in the admin center.](images/office365_additional_domain.png) + :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png"::: ### 1.2 Add users and assign product licenses Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center. 
@@ -121,55 +122,55 @@ When adding users, you can also assign admin privileges to certain users in your **To add users and assign product licenses** -1. In the admin center, select **Users > Active users**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**. **Figure 7** - Add users - ![Add Office 365 users.](images/office365_users.png) + :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png"::: 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. - If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help. + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). **Figure 8** - Add an individual user - ![Add an individual user.](images/office365_add_individual_user.png) + :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png"::: - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. 
- The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users. **Figure 9** - Import multiple users - ![Import multiple users.](images/office365_import_multiple_users.png) + :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png"::: 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. **Figure 10** - List of active users - ![Verify users and assigned product licenses.](images/o365_active_users.png) + :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png"::: ### 1.3 Add Microsoft Intune -Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? 
+Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune). **To add Microsoft Intune to your tenant** -1. In the admin center, select **Billing > Purchase services**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**. 2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now. 3. Confirm your order to enable access to Microsoft Intune. 4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. **Figure 11** - Assign Intune licenses - ![Assign Microsoft Intune licenses to users.](images/o365_assign_intune_license.png) + :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png"::: 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. 6. Select **Intune**. This step opens the Endpoint Manager admin center. **Figure 12** - Microsoft Intune management portal - ![Microsoft Intune management portal.](images/intune_portal_home.png) + :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png"::: Intune should now be added to your tenant. 
We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution). @@ -178,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **To add Azure AD to your domain** -1. In the admin center, select **Admin centers > Azure AD**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**. > [!NOTE] > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. 
@@ -187,57 +188,57 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **Figure 13** - Access to Azure AD is not available - ![Access to Azure AD not available.](images/azure_ad_access_not_available.png) + :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png"::: 3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365. 4. Select **Azure subscription**. This step will take you to a free trial sign up screen. **Figure 14** - Sign up for Microsoft Azure - ![Sign up for Microsoft Azure.](images/azure_ad_sign_up_screen.png) + :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png"::: 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. **Figure 15** - Start managing your Azure subscription - ![Start managing your Azure subscription.](images/azure_ad_successful_signup.png) + :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png"::: - This step will take you to the Microsoft Azure portal. + This step will take you to the [Microsoft Azure portal](https://portal.azure.com). ### 1.5 Add groups in Azure AD -This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. 
For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups. -To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. +To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups. **To add groups in Azure AD** -1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use. +1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use. Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. **Figure 16** - Azure first sign-in screen - ![Select Azure AD.](images/azure_portal_classic_configure_directory.png) + :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png"::: 2. Select the directory (such as Fabrikam Design) to go to the directory's home page. **Figure 17** - Directory home page - ![Directory home page.](images/azure_portal_classic_directory_ready.png) + :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png"::: 3. From the menu options on top, select **Groups**. **Figure 18** - Azure AD groups - ![Add groups in Azure AD.](images/azure_portal_classic_groups.png) + :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png"::: 4. 
Select **Add a group** (from the top) or **Add group** at the bottom. 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. **Figure 19** - Newly added group in Azure AD - ![Verify the new group appears on the list.](images/azure_portal_classic_all_users_group.png) + :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png"::: 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. 
@@ -245,34 +246,34 @@ To add Azure AD group(s), we will use the this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. +You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. > [!IMPORTANT] > We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. **To enable automatic MDM enrollment** -1. In the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. +1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. **Figure 21** - List of applications for your company - ![List of applications for your company.](images/azure_portal_classic_applications.png) + :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png"::: 2. Select **Microsoft Intune** to configure the application. 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. 
**Figure 22** - Configure Microsoft Intune in Azure - ![Configure Microsoft Intune in Azure.](images/azure_portal_classic_configure_intune_app.png) + :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png"::: 4. In the Microsoft Intune configuration page: - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. 
@@ -291,66 +292,66 @@ You can read Microsoft Intune management portal and Microsoft Store for Business. +In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps). **To associate your Store account with Intune and configure synchronization** -1. From the Microsoft Intune management portal, select **Admin**. +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. **Figure 24** - Mobile device management - ![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png) + :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png"::: -3. Sign into Microsoft Store for Business using the same tenant account that you used to sign into Intune. +3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune. 4. Accept the EULA. 5. In the Store portal, select **Settings > Management tools** to go to the management tools page. 6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business. **Figure 25** - Activate Intune as the Store management tool - ![Activate Intune from the Store portal.](images/wsfb_management_tools_activate.png) + :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png"::: -7. 
Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. +7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. **Figure 26** - Configure Store for Business sync in Intune - ![Configure Store for Business sync in Intune.](images/intune_admin_mdm_store_sync.png) + :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png"::: 9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. **Figure 27** - Enable Microsoft Store for Business sync in Intune - ![Enable Store for Business sync in Intune.](images/intune_configure_store_app_sync_dialog.png) + :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png"::: The **Microsoft Store for Business** page will refresh and it will show the details from the sync. **To buy apps from the Store** -In your Microsoft Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: +In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. 
You should see the following apps in your inventory: - Sway - OneNote - PowerPoint Mobile - Excel Mobile - Word Mobile -In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune. **Example 1 - Add other apps like Reader and InstaNote** -1. In the Microsoft Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. +1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. **Figure 28** - Shop for Store apps - ![Shop for Store apps.](images/wsfb_shop_microsoft_apps.png) + :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png"::: 2. Click to select an app, such as **Reader**. This opens the app page. 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. 
@@ -360,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 29** - App inventory shows the purchased apps - ![Confirm that your inventory shows purchased apps.](images/wsfb_manage_inventory_newapps.png) + :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png"::: > [!NOTE] > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). 
@@ -369,18 +370,18 @@ In the following example, we'll show you how to buy apps through the Microsoft S If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync. -1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**. 2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync. **Figure 30** - Force a sync in Intune - ![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png) + :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png"::: **To view purchased apps** -- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. +- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. **To add more apps** -- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this. ## 2. Set up devices 
@@ -395,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 31** - First screen in Windows device setup - ![First screen in Windows device setup.](images/win10_hithere.png) + :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png"::: > [!NOTE] > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. @@ -405,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 32** - Choose how you'll connect your Windows device - ![Choose how you'll connect the Windows device.](images/win10_choosehowtoconnect.png) + :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png"::: 4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. **Figure 33** - Sign in using one of the accounts you added - ![Sign in using one of the accounts you added.](images/win10_signin_admin_account.png) + :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png"::: 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. 
@@ -425,16 +426,16 @@ Verify that the device is set up correctly and boots without any issues. 2. Confirm that the Store and built-in apps are working. ### 2.3 Verify the device is Azure AD joined -In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. **To verify if the device is joined to Azure AD** 1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**. **Figure 34** - Check the PC name on your device - ![Check the PC name on your device.](images/win10_settings_pcname.png) + :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png"::: -2. Log in to the Intune management portal. +2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 3. Select **Groups** and then go to **Devices**. 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. 
@@ -443,7 +444,7 @@ In the Intune management **Figure 35** - Check that the device appears in Intune - ![Check that the device appears in Intune.](images/intune_groups_devices_list.png) + :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png"::: ## 3. Manage device settings and features You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). @@ -454,7 +455,7 @@ In this section, we'll show you how to reconfigure app deployment settings and a In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible. **To reconfigure app deployment settings** -1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**. 2. Select the app, right-click, then select **Manage Deployment...**. 3. Select the group(s) whose apps will be managed, and then click **Add** to add the group. 4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. 
@@ -462,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 36** - Reconfigure an app's deployment setting in Intune - ![Reconfigure app deployment settings in Intune.](images/intune_apps_deploymentaction.png) + :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png"::: 6. Click **Finish**. 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. @@ -472,12 +473,12 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 37** - Confirm that additional apps were deployed to the device - ![Confirm that additional apps were deployed to the device.](images/win10_deploy_apps_immediately.png) + :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png"::: ### 3.2 Configure other settings in Intune **To disable the camera** -1. In the Intune management portal, select **Policy > Configuration Policies**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**. 2. In the **Policies** window, click **Add** to create a new policy. 3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. 4. On the **Create Policy** page, select **Device Capabilities**. 
@@ -488,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 38** - Add a configuration policy - ![Add a configuration policy.](images/intune_policy_disablecamera.png) + :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png"::: 7. Click **Save Policy**. A confirmation window will pop up. 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. @@ -497,16 +498,16 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 39** - The new policy should appear in the **Policies** list. - ![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png) + :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png"::: **To turn off Windows Hello and PINs during device setup** -1. In the Intune management portal, select **Admin**. +1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Mobile Device Management > Windows > Windows Hello for Business**. 3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. **Figure 40** - Policy to disable Windows Hello for Business - ![Disable Windows Hello for Business.](images/intune_policy_disable_windowshello.png) + :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png"::: 4. Click **Save**. 
@@ -533,49 +534,49 @@ For other devices, such as those personally-owned by employees who need to conne **Figure 41** - Add an Azure AD account to the device - ![Add an Azure AD account to the device.](images/win10_add_new_user_join_aad.png) + :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png"::: 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. **Figure 42** - Enter the account details - ![Enter the account details.](images/win10_add_new_user_account_aadwork.png) + :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png"::: 5. You will be asked to update the password so enter a new password. 6. Verify the details to make sure you're connecting to the right organization and then click **Join**. **Figure 43** - Make sure this is your organization - ![Make sure this is your organization.](images/win10_confirm_organization_details.png) + :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png"::: 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. **Figure 44** - Confirmation that the device is now connected - ![Confirmation that the device is now connected.](images/win10_confirm_device_connected_to_org.png) + :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png"::: 8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. 
**Figure 45** - Device is now enrolled in Azure AD - ![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png) + :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png"::: -9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. +9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. ### 4.2 Add a new user You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune. -See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well. +See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well. 
## Get more info ### For IT admins To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: -- Set up Office 365 for business -- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 -- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- [Set up Office 365 for business](/microsoft-365/admin/setup) +- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/) +- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/) - Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/). -- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business +- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/) ### For information workers Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md index 4cebea6e8c..e8f13c7d35 100644 --- a/smb/includes/smb-content-updates.md +++ b/smb/includes/smb-content-updates.md @@ -2,10 +2,9 @@ -## Week of October 25, 2021 +## Week of December 13, 2021 | Published On |Topic title | Change | |------|------------|--------| -| 10/28/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified | -| 10/28/2021 | [Windows 10/11 for small to midsize businesses](/windows/smb/index) | modified | +| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified | 
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md index e84a7708a4..d14bc10108 100644 --- a/store-for-business/includes/store-for-business-content-updates.md +++ b/store-for-business/includes/store-for-business-content-updates.md @@ -2,6 +2,17 @@ +## Week of December 13, 2021 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 12/13/2021 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified | +| 12/13/2021 | [Change history for Microsoft Store for Business and Education](/microsoft-store/sfb-change-history) | modified | +| 12/14/2021 | [Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-users-and-groups-microsoft-store-for-business) | modified | +| 12/14/2021 | [Troubleshoot Microsoft Store for Business (Windows 10)](/microsoft-store/troubleshoot-microsoft-store-for-business) | modified | + + ## Week of November 15, 2021 diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md index a417157bc2..717074d334 100644 --- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md +++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md 
@@ -44,5 +44,5 @@ If you created a new Azure AD directory when you signed up for Store for Busines You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617). For more information, see: -- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec) +- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users) - [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory) \ No newline at end of file diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 962ec31ffd..a4f1f93a78 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -1,6 +1,6 @@ --- -title: Whats new in Microsoft Store for Business and Education -description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education. +title: Microsoft Store for Business and Education release history +description: Know the release history of Microsoft Store for Business and Microsoft Store for Education. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -18,7 +18,7 @@ manager: dansimp > [!IMPORTANT] > Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution). -Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. +Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index f57695f277..08e7950bb0 100644 --- a/store-for-business/sfb-change-history.md +++ b/store-for-business/sfb-change-history.md @@ -76,6 +76,7 @@ ms.localizationpriority: medium | --- | --- | | [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New | | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | +| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | ## June 2017 
@@ -84,10 +85,3 @@ ms.localizationpriority: medium | [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. | | [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. | | [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | - -## July 2017 - -| New or changed topic | Description | -| -------------------- | ----------- | -| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. | -| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. | \ No newline at end of file diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index f54b676866..febe7110b0 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md 
@@ -56,7 +56,7 @@ The private store for your organization is a page in Microsoft Store app that co ## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager -If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration). ## Still having trouble? diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 557504605e..5e9de6a8c4 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -12,6 +12,7 @@ ms.date: 08/30/2021 ms.reviewer: manager: dougeby ms.topic: article +ms.collection: highpri --- # Add or hide features on the Windows client OS diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index cbe270cf7d..6899ee3213 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -63,7 +63,7 @@ The computer on which you are installing the Office Deployment Tool must have th | Prerequisite | Description | |----------------------|--------------------| -| Prerequisite software | .Net Framework 4 | +| Prerequisite software | .NET Framework 4 | | Supported operating systems | 64-bit version of Windows 10/11
64-bit version of Windows 8 or 8.1
64-bit version of Windows 7 | >[!NOTE] @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail |--------------|----------------------------|----------------| | Add element | Specifies which products and languages the package will include. | N/A | | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` | - | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | + | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 8765ba9fa6..4f5424f963 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -19,90 +19,81 @@ ms.author: greglin The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later - - - - - - - - - - - - - - - - - - - - - - - -
ProblemWorkaround
Unable to manually create a system-owned folder needed for the set-AppVClientConfiguration PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.Don't create this file manually, instead let the Add-AppVClientPackage cmdlet auto-generate it.
Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.Make sure you have the complete App-V package or the MSI file from the original app.
Unable to modify the locale for auto-sequencing.Open the C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <appv:Extensions> tag: -

-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>ftp</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>http</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-<appv:Extension Category="AppV.URLProtocol">
-    <appv:URLProtocol>
-        <appv:Name>https</appv:Name>
-        <appv:ApplicationURLProtocol>
-            <appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
-            <appv:ShellCommands>
-                <appv:DefaultCommand>open</appv:DefaultCommand>
-                <appv:ShellCommand>
-                    <appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
-                    <appv:Name>open</appv:Name>
-                    <appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
-                    <appv:DdeExec>
-                        <appv:DdeCommand />
-                    </appv:DdeExec>
-                </appv:ShellCommand>
-            </appv:ShellCommands>
-        </appv:ApplicationURLProtocol>
-    </appv:URLProtocol>
-</appv:Extension>
-

+- **Problem**: Unable to manually create a system-owned folder needed for the `set-AppVClientConfiguration` PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.
+ **Workaround**: Don't create this file manually, instead let the `Add-AppVClientPackage` cmdlet auto-generate it.
+
+- **Problem**: Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.
+
+ **Workaround**: Make sure you have the complete App-V package or the MSI file from the original app.
+
+- **Problem**: Unable to modify the locale for auto-sequencing.
+
+ **Workaround**: Open the `C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml` file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
+
+- **Problem**: Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.
+ + **Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `` tag: + + ```xml + + + ftp + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + http + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + + + https + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0 + + open + + [{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe + open + "[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1" + + + + + + + + + ``` ## Related resources list For information that can help with troubleshooting App-V for Windows client, see: @@ -120,4 +111,4 @@ For information that can help with troubleshooting App-V for Windows client, see ## Related topics - [What's new in App-V for Windows client](appv-about-appv.md) -- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md) \ No newline at end of file +- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 2584b8cb49..c9b830292f 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -11,6 +11,7 @@ ms.author: mandia author: MandiOhlinger ms.localizationpriority: medium ms.topic: article +ms.collection: highpri --- # Overview of apps on Windows client devices diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml index e6739ae97e..a6b080d29e 100644 
--- a/windows/application-management/index.yml +++ b/windows/application-management/index.yml @@ -10,7 +10,9 @@ metadata: ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM. ms.subservice: subservice ms.topic: landing-page # Required - ms.collection: windows-10 + ms.collection: + - windows-10 + - highpri author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. ms.author: greglin #Required; microsoft alias of author; optional team alias. ms.date: 08/24/2021 #Required; mm/dd/yyyy format. diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 99da0233ac..4765af8423 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -12,13 +12,14 @@ author: greg-lindsay ms.localizationpriority: medium ms.date: 09/20/2021 ms.topic: article +ms.collection: highpri --- # Administrative Tools in Windows **Applies to** -- Windows 10 +- Windows 10 - Windows 11 diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 7e5b601fab..d55df0054b 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -11,6 +11,7 @@ author: greg-lindsay ms.localizationpriority: medium ms.author: tracyp ms.topic: troubleshooting +ms.collection: highpri --- # Advanced troubleshooting 802.1X authentication diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 1c65aec135..0c976ceceb 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md 
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -10,6 +10,7 @@ ms.date: 11/16/2018 ms.reviewer: manager: dansimp ms.topic: troubleshooting +ms.collection: highpri --- # Advanced troubleshooting for Windows boot problems @@ -149,49 +150,19 @@ If you receive BCD-related errors, follow these steps: 2. Restart the computer to check whether the problem is fixed. -3. If the problem is not fixed, run the following command: - - ```console - Bootrec /rebuildbcd - ``` - -4. You might receive one of the following outputs: - - ```console - Scanning all disks for Windows installations. Please wait, since this may take a while ... - Successfully scanned Windows installations. Total identified Windows installations: 0 - The operation completed successfully. - ``` - - ```console - Scanning all disks for Windows installations. Please wait, since this may take a while ... - Successfully scanned Windows installations. Total identified Windows installations: 1 - D:\Windows - Add installation to boot list? Yes/No/All: - ``` - - If the output shows **windows installation: 0**, run the following commands: +3. If the problem is not fixed, run the following commands: ```console bcdedit /export c:\bcdbackup - attrib c:\\boot\\bcd -r –s -h + attrib c:\boot\bcd -r -s -h - ren c:\\boot\\bcd bcd.old + ren c:\boot\bcd bcd.old bootrec /rebuildbcd ``` - - After you run the command, you receive the following output: - - ```console - Scanning all disks for Windows installations. Please wait, since this may take a while ... - Successfully scanned Windows installations. Total identified Windows installations: 1 - {D}:\Windows - Add installation to boot list? Yes/No/All: Y - ``` -5. Try restarting the system. +4. Restart the system. ### Method 4: Replace Bootmgr 
@@ -205,7 +176,7 @@ If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from driv attrib -r -s -h ``` -3. Run the same **attrib** command on the Windows (system drive): +3. Navigate to the system drive and run the same command: ```console attrib -r -s -h @@ -230,7 +201,7 @@ If Windows cannot load the system registry hive into memory, you must restore th If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder) ## Kernel Phase @@ -393,7 +364,7 @@ If the dump file shows an error that is related to a driver (for example, window - To do this, open WinRE, open a command prompt, and then run the following command: ```console - SFC /Scannow /OffBootDir=C:\ /OffWinDir=E:\Windows + SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows ``` For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues) 
@@ -413,4 +384,4 @@ If the dump file shows an error that is related to a driver (for example, window 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 043d6d76df..49d26516fa 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md 
@@ -37,9 +37,8 @@ It is important to understand the different Wi-Fi components involved, their exp The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. ### Known Issues and fixes -** ** -| **OS version** | **Fixed in** | +| OS version | Fixed in | | --- | --- | | **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | | **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | @@ -54,13 +53,13 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - [Windows 10 version 1511](https://support.microsoft.com/help/4000824) - [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) - [Windows Server 2012](https://support.microsoft.com/help/4009471) -- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) +- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469) ## Data Collection 1. Network Capture with ETW. Enter the following at an elevated command prompt: - ```cmd + ```console netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl ``` 2. Reproduce the issue. @@ -70,12 +69,12 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). 3. Stop the trace by entering the following command: - ```cmd + ```console netsh trace stop ``` 4. To convert the output file to text format: - ```cmd + ```console netsh trace convert c:\tmp\wireless.etl ``` 
@@ -105,39 +104,39 @@ The wifi connection state machine has the following states: Standard wifi connections tend to transition between states such as: -**Connecting** +- Connecting -Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected + Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected -**Disconnecting** +- Disconnecting -Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset + Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset ->Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. +Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page. The following is an example of a good connection setup: -
+```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
-
+``` The following is an example of a failed connection setup: -
+```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
-
+``` By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. @@ -155,7 +154,7 @@ Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** fil Continuing with the example above, the combined filters look like this: -
+```console
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Reset to State: Ihv_Configuring
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
@@ -173,7 +172,7 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
+``` > [!NOTE] > In the next to last line the SecMgr transition is suddenly deactivating:
@@ -182,7 +181,7 @@ Authenticating to State: Roaming Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: -
+```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -196,7 +195,7 @@ Associating to State: Authenticating
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
+``` The trail backwards reveals a **Port Down** notification: @@ -208,7 +207,7 @@ Below, the MSM is the native wifi stack. These are Windows native wifi drivers w Enable trace filter for **[Microsoft-Windows-NWifi]:** -
+```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -222,12 +221,14 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
-Authenticating to State: Roaming
+Authenticating to State: Roaming +``` In the trace above, we see the line: -
-[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
+```console +[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4 +``` This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP. @@ -238,7 +239,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas ## Example ETW capture -
+```console
 C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
 
 Trace configuration:
@@ -279,7 +280,7 @@ C:\tmp>dir
 01/09/2019  02:59 PM         2,786,540 wireless.txt
                3 File(s)     10,395,004 bytes
                2 Dir(s)  46,648,332,288 bytes free
-
+``` ## Wifi filter file diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md index d59710d70b..8b0e587b74 100644 --- a/windows/client-management/change-default-removal-policy-external-storage-media.md +++ b/windows/client-management/change-default-removal-policy-external-storage-media.md @@ -3,7 +3,7 @@ title: Windows 10 default media removal policy description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal." ms.prod: w10 author: Teresa-Motiv -ms.author: v-tea +ms.author: dougeby ms.date: 11/25/2020 ms.topic: article ms.custom: diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 87a70ff761..ec54bee4ae 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -9,10 +9,11 @@ ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 09/14/2021 +ms.date: 01/18/2022 ms.reviewer: manager: dansimp ms.topic: article +ms.collection: highpri --- # Connect to remote Azure Active Directory-joined PC @@ -20,7 +21,7 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 - Windows 11 
@@ -54,8 +55,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu ``` where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD. - This command only works for AADJ device users already added to any of the local groups (administrators). - Otherwise this command throws the below error. For example: + In order to execute this PowerShell command you be a member of the local Administrators group. Otherwise, you'll get an error like this example: - for cloud only user: "There is no such global user or group : *name*" - for synced user: "There is no such global user or group : *name*"
@@ -66,13 +66,13 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu - Adding users using policy - Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). + Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview). > [!TIP] > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. > [!NOTE] - > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). + > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials). ## Supported configurations diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index da6bb869ab..be28170923 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md 
@@ -10,6 +10,7 @@ ms.author: delhan ms.date: 8/28/2019 ms.reviewer: dcscontentpm manager: dansimp +ms.collection: highpri --- # How to determine the appropriate page file size for 64-bit versions of Windows @@ -66,7 +67,7 @@ Kernel memory crash dumps require enough page file space or dedicated dump file Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead. -A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. +A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options). ## System-managed page files diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md index e0a26c9402..12bd194bc7 100644 --- a/windows/client-management/generate-kernel-or-complete-crash-dump.md +++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md @@ -10,6 +10,7 @@ ms.author: delhan ms.date: 8/28/2019 ms.reviewer: manager: willchen +ms.collection: highpri --- # Generate a kernel or complete crash dump 
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index c9150ce005..3d50f1d30a 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -32,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). | | **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app

User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) | | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml index e5ae09ccb3..f12a0ac603 100644 --- a/windows/client-management/index.yml +++ b/windows/client-management/index.yml @@ -10,7 +10,9 @@ metadata: ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM. ms.subservice: subservice ms.topic: landing-page # Required - ms.collection: windows-10 + ms.collection: + - windows-10 + - highpri author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. ms.author: greglin #Required; microsoft alias of author; optional team alias. ms.date: 08/05/2021 #Required; mm/dd/yyyy format. diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index 9354d9c8c9..329d185fad 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: delhan ms.reviewer: dcscontentpm manager: dansimp +ms.collection: highpri --- # Introduction to page files 
@@ -27,20 +28,20 @@ Page files enable the system to remove infrequently accessed modified pages from Some products or services require a page file for various reasons. For specific information, check the product documentation. -For example, the following Windows servers requires page files: +For example, the following Windows servers require page files: - Windows Server domain controllers (DCs) - DFS Replication (DFS-R) servers - Certificate servers - ADAM/LDS servers -This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE in Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory. +This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory. -For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed" . +For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed". ### Support for system crash dumps -Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as “virtual memory”) a system can support. +Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as "virtual memory") a system can support. 
For more information about system crash dumps, see [system crash dump options](system-failure-recovery-options.md#under-write-debugging-information). @@ -48,7 +49,7 @@ For more information about system crash dumps, see [system crash dump options](s When large physical memory is installed, a page file might not be required to support the system commit charge during peak usage. For example, 64-bit versions of Windows and Windows Server support more physical memory (RAM) than 32-bit versions support. The available physical memory alone might be large enough. -However, the reason to configure the page file size has not changed. It has always been about supporting a system crash dump, if it is necessary, or extending the system commit limit, if it is necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump. +However, the reason to configure the page file size hasn't changed. It has always been about supporting a system crash dump, if it's necessary, or extending the system commit limit, if it's necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump. ## System committed memory 
@@ -64,7 +65,7 @@ The system commit charge is the total committed or "promised" memory of all comm ![Task Manager.](images/task-manager-commit.png) -The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values. +The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The **\Memory\% Committed Bytes In Use** counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values. > [!NOTE] > System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger, but no more than one-eighth of the volume size) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth. diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 4e6bcdad77..56a3adc040 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md 
@@ -26,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f >[!Note] >Each server that you want to manage access to the Settings App must be patched. -If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra). +If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store). This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 25245fa812..d45e85d719 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -11,6 +11,7 @@ ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.topic: article +ms.collection: highpri --- # Create mandatory user profiles 
@@ -41,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor | Windows 10, versions 1507 and 1511 | N/A | v5 | | Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 | Windows Server 2016 and Windows Server 2019 | v6 | -For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). +For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning). ## Mandatory user profile diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md index 64394a6989..740ad8289d 100644 --- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md +++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md 
@@ -39,11 +39,11 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom). - ![login to office 365.](images/azure-ad-add-tenant4.png) + ![login to office 365](images/azure-ad-add-tenant4.png) 6. Select **Install software**. - ![login to office 365.](images/azure-ad-add-tenant5.png) + ![login to office 365 portal](images/azure-ad-add-tenant5.png) 7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation. 
@@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent 1. Sign in to the Microsoft 365 admin center at using your organization's account. - ![register azuread.](images/azure-ad-add-tenant10.png) + ![register in azuread.](images/azure-ad-add-tenant10.png) 2. On the **Home** page, select on the Admin tools icon. - ![register azuread.](images/azure-ad-add-tenant11.png) + ![register in azure-ad.](images/azure-ad-add-tenant11.png) 3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information. - ![register azuread.](images/azure-ad-add-tenant12.png) + ![register azuread](images/azure-ad-add-tenant12.png) 4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**. - ![register azuread.](images/azure-ad-add-tenant13.png) + ![registration in azure-ad](images/azure-ad-add-tenant13.png) 5. It may take a few minutes to process the request. - ![register azuread.](images/azure-ad-add-tenant14.png) + ![registration in azuread.](images/azure-ad-add-tenant14.png) 6. You will see a welcome page when the process completes. - ![register azuread.](images/azure-ad-add-tenant15.png) + ![register screen of azuread](images/azure-ad-add-tenant15.png) diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index f6d3ef7a2f..5c44ba2dc1 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: ManikaDhiman +author: dansimp ms.date: 07/10/2019 --- 
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 4a4b41b531..648d9c245f 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -6,7 +6,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: ManikaDhiman +author: dansimp ms.reviewer: jsuther1974 ms.date: 09/10/2020 --- diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 6b3adfa904..634025c4b9 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -9,6 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp +ms.collection: highpri --- # Azure Active Directory integration with MDM diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index e3f6b2bd85..96b516b939 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.date: 04/16/2020 ms.reviewer: manager: dansimp +ms.collection: highpri --- # BitLocker CSP 
@@ -26,19 +27,29 @@ the setting configured by the admin. For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that a minimum PIN length is enforced (SystemDrivesMinimumPINLength). The following shows the BitLocker configuration service provider in tree format. -``` + +```console ./Device/Vendor/MSFT BitLocker ----RequireStorageCardEncryption ----RequireDeviceEncryption ----EncryptionMethodByDriveType +----IdentificationField +----SystemDrivesEnablePreBootPinExceptionOnDECapableDevice +----SystemDrivesEnhancedPIN +----SystemDrivesDisallowStandardUsersCanChangePIN +----SystemDrivesEnablePrebootInputProtectorsOnSlates +----SystemDrivesEncryptionType ----SystemDrivesRequireStartupAuthentication ----SystemDrivesMinimumPINLength ----SystemDrivesRecoveryMessage ----SystemDrivesRecoveryOptions ----FixedDrivesRecoveryOptions ----FixedDrivesRequireEncryption +----FixedDrivesEncryptionType ----RemovableDrivesRequireEncryption +----RemovableDrivesEncryptionType +----RemovableDrivesConfigureBDE ----AllowWarningForOtherDiskEncryption ----AllowStandardUserEncryption ----ConfigureRecoveryPasswordRotation @@ -48,90 +59,25 @@ BitLocker --------RotateRecoveryPasswordsStatus --------RotateRecoveryPasswordsRequestID ``` + **./Device/Vendor/MSFT/BitLocker** Defines the root node for the BitLocker configuration service provider. -**RequireStorageCardEncryption** - -Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU. - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcross markcross markcross markcross markcheck markcheck mark
- -Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on. - -- 0 (default) – Storage cards do not need to be encrypted. -- 1 – Require storage cards to be encrypted. - -Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on. - -If you want to disable this policy use the following SyncML: - -```xml - - - - $CmdID$ - - - ./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption - - - int - - 0 - - - - -``` - -Data type is integer. Supported operations are Add, Get, Replace, and Delete. - - **RequireDeviceEncryption** Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption. - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcheck markcheck mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + Data type is integer. Sample value for this node to enable this policy: 1. Supported operations are Add, Get, Replace, and Delete. @@ -149,7 +95,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix The following list shows the supported values: -- 0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes. +- 0 (default) —Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes. - 1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy). If you want to disable this policy, use the following SyncML: @@ -183,25 +129,15 @@ If you want to disable this policy, use the following SyncML: Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -214,7 +150,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress. 
@@ -260,6 +196,297 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov ``` Data type is string. Supported operations are Add, Get, Replace, and Delete. + + +**IdentificationField** + +Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: + + + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This setting is used to establish an identifier that is applied to all drives that are encrypted in your organization. + +Identifiers are usually stored as the identification field and the allowed identification field. You can configure the following identification fields on existing drives by using the [Manage-bde](/windows-server/administration/windows-commands/manage-bde): + +- **BitLocker identification field**: It allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. This identifier is automatically added to new BitLocker-protected drives, and it can be updated on existing BitLocker-protected drives by using the Manage-bde command-line tool. For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). An identification field is required to manage certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker manages and updates data recovery agents only when the identification field on the drive matches the value that is configured in the identification field. 
In a similar manner, BitLocker updates the BitLocker To Go Reader only when the identification field on the drive matches the value that is configured for the identification field. + +- **Allowed BitLocker identification field**: The allowed identification field is used in combination with the 'Deny write access to removable drives not protected by BitLocker' policy setting to help control the use of removable drives in your organization. It is a comma-separated list of identification fields from your organization or external organizations. + +>[!Note] +>When a BitLocker-protected drive is mounted on another BitLocker-enabled computer, the identification field and the allowed identification field are used to determine whether the drive is from an outside organization. + +If you enable this policy setting, you can configure the identification field on the BitLocker-protected drive and any allowed identification field that is used by your organization. + +Sample value for this node to enable this policy is: + +```xml + +``` + +Data Id: + +- IdentificationField: BitLocker identification field +- SecIdentificationField: Allowed BitLocker identification field + +If you disable or do not configure this setting, the identification field is not required. + +>[!Note] +>Multiple values separated by commas can be entered in the identification and allowed identification fields. The identification field can be any value up to 260 characters. + + + + +**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice** + +Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN
  • +
  • GP name: EnablePreBootPinExceptionOnDECapableDevice_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This setting allows users on devices that are compliant with InstantGo or Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for pre-boot authentication. This overrides the "Require startup PIN with TPM" option of the "Require additional authentication at startup" policy on compliant hardware. + +If you enable this policy setting, users on InstantGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If this policy is disabled, the options of "Require additional authentication at startup" policy apply. + + + +**SystemDrivesEnhancedPIN** + +Allows users to configure whether or not enhanced startup PINs are used with BitLocker. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Allow enhanced PINs for startup
  • +
  • GP name: EnhancedPIN_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This setting permits the use of enhanced PINs when you use an unlock method that includes a PIN. Enhanced startup PINs permit the usage of characters (including uppercase and lowercase letters, symbols, numbers, and spaces). This policy setting is applied when you turn on BitLocker. + +>[!Note] +>Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used. + +If you enable this policy setting, all new BitLocker startup PINs that are set will be enhanced PINs. Existing drives that were protected by using standard startup PINs are not affected. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If you disable or do not configure this policy setting, enhanced PINs will not be used. + + + +**SystemDrivesDisallowStandardUsersCanChangePIN** + +Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Disallow standard users from changing the PIN or password
  • +
  • GP name: DisallowStandardUsersCanChangePIN_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This policy setting allows you to configure whether or not standard users are allowed to change the PIN or password, that is used to protect the operating system drive. + +>[!Note] +>To change the PIN or password, the user must be able to provide the current PIN or password. This policy setting is applied when you turn on BitLocker. + +If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords. + +If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs or passwords. + +Sample value for this node to disable this policy is: + +```xml + +``` + + + +**SystemDrivesEnablePrebootInputProtectorsOnSlates** + +Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Enable use of BitLocker authentication requiring preboot keyboard input on slates
  • +
  • GP name: EnablePrebootInputProtectorsOnSlates_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +The Windows touch keyboard (such as used by tablets) is not available in the preboot environment where BitLocker requires additional information, such as a PIN or password. + +It is recommended that administrators enable this policy only for devices that are verified to have an alternative means of preboot input, such as attaching a USB keyboard. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If this policy is disabled, the Windows Recovery Environment must be enabled on tablets to support entering the BitLocker recovery password. +When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard. + +>[!Note] +>If you do not enable this policy setting, the following options in the **Require additional authentication at startup policy** might not be available: +> +>- Configure TPM startup PIN: Required and Allowed +>- Configure TPM startup key and PIN: Required and Allowed +>- Configure use of passwords for operating system drives + + + + +**SystemDrivesEncryptionType** + +Allows you to configure the encryption type that is used by BitLocker. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Enforce drive encryption type on operating system drives
  • +
  • GP name: OSEncryptionType_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. + +If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker. + +>[!Note] +>This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method. +>For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: manage-bde -w. If the volume is shrunk, no action is taken for the new free space. + +For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). + **SystemDrivesRequireStartupAuthentication** @@ -267,26 +494,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup". - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -299,7 +515,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a TPM. This setting is applied when you turn on BitLocker. @@ -375,26 +591,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup". - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -407,7 +612,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits. @@ -452,26 +657,15 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo (PrebootRecoveryInfo_Name). - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -484,7 +678,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting lets you configure the entire recovery message or replace the existing URL that is displayed on the pre-boot key recovery screen when the OS drive is locked. @@ -541,26 +735,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name). - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -573,7 +756,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker. @@ -638,26 +821,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" (). - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -670,7 +842,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker. @@ -744,26 +916,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name). - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -776,7 +937,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. @@ -806,6 +967,56 @@ If you disable or do not configure this setting, all fixed data drives on the co ``` Data type is string. Supported operations are Add, Get, Replace, and Delete. + + +**FixedDrivesEncryptionType** + +Allows you to configure the encryption type on fixed data drives that is used by BitLocker. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Enforce drive encryption type on fixed data drives
  • +
  • GP name: FDVEncryptionType_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Data Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This policy setting is applied when you turn on BitLocker and controls whether fixed data drives utilize Used Space Only encryption or Full encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so no encryption selection displays to the user. + +Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. + +If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives, and the encryption type option is not presented in the BitLocker Setup Wizard. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker. + +>[!Note] +>This policy is ignored when you are shrinking or expanding a volume and the BitLocker driver uses the current encryption method. +>For example, when a drive that is using Used Space Only encryption is expanded, the new free space is not wiped as it would be for a drive that is using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: manage-bde -w. If the volume is shrunk, no action is taken for the new free space. + +For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde). + **RemovableDrivesRequireEncryption** 
@@ -813,26 +1024,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name). - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + ADMX Info: @@ -845,7 +1045,7 @@ ADMX Info: > [!TIP] -> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. @@ -886,6 +1086,104 @@ Disabling the policy will let the system choose the default behaviors. If you wa ``` + + +**RemovableDrivesEncryptionType** + +Allows you to configure the encryption type that is used by BitLocker. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Enforce drive encryption type on removable data drives
  • +
  • GP name: RDVEncryptionType_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Removable Data Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This policy controls whether removed data drives utilize Full encryption or Used Space Only encryption, and is applied when you turn on BitLocker. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. + +Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose Full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose Used Space Only encryption to require that only the portion of the drive that is used to store data is encrypted when BitLocker is turned on. + +If you enable this policy setting, the encryption type that BitLocker uses to encrypt drives is defined by this policy, and the encryption type option is not presented in the BitLocker Setup Wizard. + +Sample value for this node to enable this policy is: + +```xml + +``` + +If this policy is disabled or not configured, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker. + + + +**RemovableDrivesConfigureBDE** + +Allows you to control the use of BitLocker on removable data drives. + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + + +ADMX Info: +
    +
  • GP English name: Control use of BitLocker on removable drives
  • +
  • GP name: RDVConfigureBDE_Name
  • +
  • GP path: Windows Components/BitLocker Drive Encryption/Removable Data Drives
  • +
  • GP ADMX file name: VolumeEncryption.admx
  • +
+ + +> [!TIP] +> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). + +This policy setting is used to prevent users from turning BitLocker on or off on removable data drives, and is applied when you turn on BitLocker. + +For information about suspending BitLocker protection, see [BitLocker Basic Deployment](/windows/security/information-protection/bitlocker/bitlocker-basic-deployment) . + +The options for choosing property settings that control how users can configure BitLocker are: + +- **Allow users to apply BitLocker protection on removable data drives**: Enables the user to enable BitLocker on a removable data drives. +- **Allow users to suspend and decrypt BitLocker on removable data drives**: Enables the user to remove BitLocker from the drive or to suspend the encryption while performing maintenance. + +If you enable this policy setting, you can select property settings that control how users can configure BitLocker. + +Sample value for this node to enable this policy is: + +```xml + +``` +Data id: +- RDVAllowBDE_Name: Allow users to apply BitLocker protection on removable data drives +- RDVDisableBDE_Name: Allow users to suspend and decrypt BitLocker on removable data drives + +If this policy is disabled,users cannot use BitLocker on removable disk drives. + +If you do not configure this policy setting, users can use BitLocker on removable disk drives. + **AllowWarningForOtherDiskEncryption** @@ -898,26 +1196,15 @@ Allows the admin to disable the warning prompt for other disk encryption on the > [!Warning] > When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows. - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + The following list shows the supported values: @@ -962,26 +1249,15 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + The expected values for this policy are: @@ -1017,26 +1293,15 @@ This setting initiates a client-driven recovery password refresh after an OS dri - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + Value type is int. Supported operations are Add, Delete, Get, and Replace. @@ -1072,26 +1337,15 @@ Each server-side recovery key rotation is represented by a request ID. The serve - RotateRecoveryPasswordsRequestID: Returns request ID of last request processed. - RotateRecoveryPasswordsRotationStatus: Returns status of last request processed. - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + Value type is string. Supported operation is Execute. Request ID is expected as a parameter. @@ -1117,26 +1371,15 @@ Interior node. Supported operation is Get. This node reports compliance state of device encryption on the system. - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + @@ -1185,26 +1428,15 @@ Status code can be one of the following: - 0 - Pass - Any other code - Failure HRESULT - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + Value type is int. Supported operation is Get. @@ -1220,26 +1452,14 @@ This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID. - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobile
cross markcheck markcheck markcheck markcheck markcross mark
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md deleted file mode 100644 index e4564b7aa4..0000000000 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -title: BrowserFavorite CSP -description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device. -ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.date: 06/26/2017 ---- - -# BrowserFavorite CSP - - -The BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device. - -> [!Note] -> BrowserFavorite CSP is only supported in Windows Phone 8.1. - - - -The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder. - -> [!Note] -> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application. - - - -The following shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider. - -```console -BrowserFavorite -favorite name -----URL -``` - -***favorite name*** -Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer. - -> [!Note] -> The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > | - - - -Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite. - -**URL** -Optional. Specifies the complete URL for the favorite. 
- -## OMA client provisioning examples - - -Adding a new browser favorite. - -```xml - - - - - - - - -``` - -## Microsoft Custom Elements - - -The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - -|Elements|Available| -|--- |--- | -|Parm-query|Yes| -|Noparm|Yes| -|Nocharacteristic|Yes| -|Characteristic-query|Yes

Recursive query: Yes

Top-level query: Yes| - -## Related topics - - -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - - - - diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index e016a7676e..089b3868fd 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -7,7 +7,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 10/19/2020 --- @@ -179,907 +179,141 @@ This article lists new and updated articles for the Mobile Device Management (MD ## August 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
New or updated articleDescription
BitLocker CSP

Added support for Windows 10 Pro starting in the version 1809.

-
Office CSP

Added FinalStatus setting in Windows 10, version 1809.

-
RemoteWipe CSP

Added new settings in Windows 10, version 1809.

-
TenantLockdown CSP

Added new CSP in Windows 10, version 1809.

-
WindowsDefenderApplicationGuard CSP

Added new settings in Windows 10, version 1809.

-
Policy DDF file

Posted an updated version of the Policy DDF for Windows 10, version 1809.

-
Policy CSP

Added the following new policies in Windows 10, version 1809:

-
    -
  • Browser/AllowFullScreenMode
  • -
  • Browser/AllowPrelaunch
  • -
  • Browser/AllowPrinting
  • -
  • Browser/AllowSavingHistory
  • -
  • Browser/AllowSideloadingOfExtensions
  • -
  • Browser/AllowTabPreloading
  • -
  • Browser/AllowWebContentOnNewTabPage
  • -
  • Browser/ConfigureFavoritesBar
  • -
  • Browser/ConfigureHomeButton
  • -
  • Browser/ConfigureKioskMode
  • -
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • -
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • -
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • -
  • Browser/PreventCertErrorOverrides
  • -
  • Browser/SetHomeButtonURL
  • -
  • Browser/SetNewTabPageURL
  • -
  • Browser/UnlockHomeButton
  • -
  • Experience/DoNotSyncBrowserSettings
  • -
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • -
  • Kerberos/UPNNameHints
  • -
  • Privacy/AllowCrossDeviceClipboard
  • -
  • Privacy/DisablePrivacyExperience
  • -
  • Privacy/UploadUserActivities
  • -
  • System/AllowDeviceNameInDiagnosticData
  • -
  • System/ConfigureMicrosoft365UploadEndpoint
  • -
  • System/DisableDeviceDelete
  • -
  • System/DisableDiagnosticDataViewer
  • -
  • Storage/RemovableDiskDenyWriteAccess
  • -
  • Update/UpdateNotificationLevel
  • -
-

Start/DisableContextMenus - added in Windows 10, version 1803.

-

RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.

-
+|New or updated article|Description| +|--- |--- | +|[BitLocker CSP](bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.| +|[Office CSP](office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.| +|[RemoteWipe CSP](remotewipe-csp.md)|Added new settings in Windows 10, version 1809.| +|[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| +|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| +|[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy
  • DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • Update/UpdateNotificationLevel

    Start/DisableContextMenus - added in Windows 10, version 1803.

    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| ## July 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    AssignedAccess CSP

    Added the following note:

    -
      -
    • You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
    • -
    -
    PassportForWork CSP

    Added new settings in Windows 10, version 1809.

    -
    EnterpriseModernAppManagement CSP

    Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

    -
    Win32CompatibilityAppraiser CSP

    Added new configuration service provider in Windows 10, version 1809.

    -
    WindowsLicensing CSP

    Added S mode settings and SyncML examples in Windows 10, version 1809.

    -
    SUPL CSP

    Added 3 new certificate nodes in Windows 10, version 1809.

    -
    Defender CSP

    Added a new node Health/ProductStatus in Windows 10, version 1809.

    -
    BitLocker CSP

    Added a new node AllowStandardUserEncryption in Windows 10, version 1809.

    -
    DevDetail CSP

    Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

    -
    Policy CSP

    Added the following new policies in Windows 10, version 1809:

    -
      -
    • ApplicationManagement/LaunchAppAfterLogOn
    • -
    • ApplicationManagement/ScheduleForceRestartForUpdateFailures
    • -
    • Authentication/EnableFastFirstSignIn (Preview mode only)
    • -
    • Authentication/EnableWebSignIn (Preview mode only)
    • -
    • Authentication/PreferredAadTenantDomainName
    • -
    • Defender/CheckForSignaturesBeforeRunningScan
    • -
    • Defender/DisableCatchupFullScan
    • -
    • Defender/DisableCatchupQuickScan
    • -
    • Defender/EnableLowCPUPriority
    • -
    • Defender/SignatureUpdateFallbackOrder
    • -
    • Defender/SignatureUpdateFileSharesSources
    • -
    • DeviceGuard/ConfigureSystemGuardLaunch
    • -
    • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
    • -
    • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
    • -
    • DeviceInstallation/PreventDeviceMetadataFromNetwork
    • -
    • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
    • -
    • DmaGuard/DeviceEnumerationPolicy
    • -
    • Experience/AllowClipboardHistory
    • -
    • Security/RecoveryEnvironmentAuthentication
    • -
    • TaskManager/AllowEndTask
    • -
    • WindowsDefenderSecurityCenter/DisableClearTpmButton
    • -
    • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
    • -
    • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
    • -
    • WindowsLogon/DontDisplayNetworkSelectionUI
    • -
    -

    Recent changes:

    -
      -
    • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.
    • -
    -
    +|New or updated article|Description| +|--- |--- | +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| +|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| +|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| +|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.| +|[SUPL CSP](supl-csp.md)|Added 3 new certificate nodes in Windows 10, version 1809.| +|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| +|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI

    Recent changes:
  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| ## June 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Wifi CSP

    Added a new node WifiCost in Windows 10, version 1809.

    -
    Diagnose MDM failures in Windows 10

    Recent changes:

    -
      -
    • Added procedure for collecting logs remotely from Windows 10 Holographic.
    • -
    • Added procedure for downloading the MDM Diagnostic Information log.
    • -
    -
    BitLocker CSP

    Added new node AllowStandardUserEncryption in Windows 10, version 1809.

    -
    Policy CSP

    Recent changes:

    -
      -
    • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.
    • -
    • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
    • -
    • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
    • -
    • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
    • -
    • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
    • -
    • Security/RequireDeviceEncryption is supported in the Home SKU.
    • -
    • Start/StartLayout - added a table of SKU support information.
    • -
    • Start/ImportEdgeAssets - added a table of SKU support information.
    • -
    -

    Added the following new policies in Windows 10, version 1809:

    -
      -
    • Update/EngagedRestartDeadlineForFeatureUpdates
    • -
    • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
    • -
    • Update/EngagedRestartTransitionScheduleForFeatureUpdates
    • -
    • Update/SetDisablePauseUXAccess
    • -
    • Update/SetDisableUXWUAccess
    • -
    -
    WiredNetwork CSPNew CSP added in Windows 10, version 1809. -
    +|New or updated article|Description| +|--- |--- | +|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| +|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
  • Added procedure for collecting logs remotely from Windows 10 Holographic.
  • Added procedure for downloading the MDM Diagnostic Information log.| +|[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
  • AccountPoliciesAccountLockoutPolicy
  • AccountLockoutDuration - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
  • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
  • Security/RequireDeviceEncryption is supported in the Home SKU.
  • Start/StartLayout - added a table of SKU support information.
  • Start/ImportEdgeAssets - added a table of SKU support information.

    Added the following new policies in Windows 10, version 1809:
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess| +|[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| ## May 2018 - ---- - - - - - - - - - - - -
    New or updated articleDescription
    Policy DDF file

    Updated the DDF files in the Windows 10 version 1703 and 1709.

    - -
    +|New or updated article|Description| +|--- |--- | +|[Policy DDF file](policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
  • [Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
  • [Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)| ## April 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    WindowsDefenderApplicationGuard CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • Settings/AllowVirtualGPU
    • -
    • Settings/SaveFilesToHost
    • -
    -
    NetworkProxy CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • ProxySettingsPerUser
    • -
    -
    Accounts CSP

    Added a new CSP in Windows 10, version 1803.

    -
    MDM Migration Analysis Tool (MMAT)

    Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

    -
    CSP DDF files download

    Added the DDF download of Windows 10, version 1803 configuration service providers.

    -
    Policy CSP

    Added the following new policies for Windows 10, version 1803:

    -
      -
    • Bluetooth/AllowPromptedProximalConnections
    • -
    • KioskBrowser/EnableEndSessionButton
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
    • -
    -
    +|New or updated article|Description| +|--- |--- | +|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
  • Settings/AllowVirtualGPU
  • Settings/SaveFilesToHost| +|[NetworkProxy CSP](\networkproxy--csp.md)|Added the following node in Windows 10, version 1803:
  • ProxySettingsPerUser| +|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.| +|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Bluetooth/AllowPromptedProximalConnections
  • KioskBrowser/EnableEndSessionButton
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| ## March 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    eUICCs CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • IsEnabled
    • -
    -
    DeviceStatus CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • OS/Mode
    • -
    -
    Understanding ADMX-backed policies

    Added the following videos:

    - -
    AccountManagement CSP

    Added a new CSP in Windows 10, version 1803.

    -
    RootCATrustedCertificates CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • UntrustedCertificates
    • -
    -
    Policy CSP

    Added the following new policies for Windows 10, version 1803:

    -
      -
    • ApplicationDefaults/EnableAppUriHandlers
    • -
    • ApplicationManagement/MSIAllowUserControlOverInstall
    • -
    • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
    • -
    • Connectivity/AllowPhonePCLinking
    • -
    • Notifications/DisallowCloudNotification
    • -
    • Notifications/DisallowTileNotification
    • -
    • RestrictedGroups/ConfigureGroupMembership
    • -
    -

    The following existing policies were updated:

    -
      -
    • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
    • -
    • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
    • -
    • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
    • -
    -

    Added a new section:

    - -
    Policy CSP - Bluetooth

    Added new section ServicesAllowedList usage guide.

    -
    MultiSIM CSP

    Added SyncML examples and updated the settings descriptions.

    -
    RemoteWipe CSP

    Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.

    -
+|New or updated article|Description|
+|--- |--- |
+|[eUICCs CSP](euiccs-csp.md)|Added the following node in Windows 10, version 1803:
  • IsEnabled|
+|[DeviceStatus CSP](devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
  • OS/Mode|
+|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
  • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
  • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)|
+|[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
  • UntrustedCertificates|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • ApplicationDefaults/EnableAppUriHandlers
  • ApplicationManagement/MSIAllowUserControlOverInstall
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Connectivity/AllowPhonePCLinking
  • Notifications/DisallowCloudNotification
  • Notifications/DisallowTileNotification
  • RestrictedGroups/ConfigureGroupMembership

    The following existing policies were updated:
  • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

    Added a new section:
  • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| +|[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| +|[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| +|[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| ## February 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Policy CSP

    Added the following new policies for Windows 10, version 1803:

    -
      -
    • Display/DisablePerProcessDpiForApps
    • -
    • Display/EnablePerProcessDpi
    • -
    • Display/EnablePerProcessDpiForApps
    • -
    • Experience/AllowWindowsSpotlightOnSettings
    • -
    • TextInput/ForceTouchKeyboardDockedState
    • -
    • TextInput/TouchKeyboardDictationButtonAvailability
    • -
    • TextInput/TouchKeyboardEmojiButtonAvailability
    • -
    • TextInput/TouchKeyboardFullModeAvailability
    • -
    • TextInput/TouchKeyboardHandwritingModeAvailability
    • -
    • TextInput/TouchKeyboardNarrowModeAvailability
    • -
    • TextInput/TouchKeyboardSplitModeAvailability
    • -
    • TextInput/TouchKeyboardWideModeAvailability
    • -
        -
    VPNv2 ProfileXML XSD

    Updated the XSD and Plug-in profile example for VPNv2 CSP.

    -
    AssignedAccess CSP

    Added the following nodes in Windows 10, version 1803:

    -
      -
    • Status
    • -
    • ShellLauncher
    • -
    • StatusConfiguration
    • -
    -

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.

    -
    MultiSIM CSP

    Added a new CSP in Windows 10, version 1803.

    -
    EnterpriseModernAppManagement CSP

    Added the following node in Windows 10, version 1803:

    -
      -
    • MaintainProcessorArchitectureOnUpdate
    • -
    -
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Display/DisablePerProcessDpiForApps
  • Display/EnablePerProcessDpi
  • Display/EnablePerProcessDpiForApps
  • Experience/AllowWindowsSpotlightOnSettings
  • TextInput/ForceTouchKeyboardDockedState
  • TextInput/TouchKeyboardDictationButtonAvailability
  • TextInput/TouchKeyboardEmojiButtonAvailability
  • TextInput/TouchKeyboardFullModeAvailability
  • TextInput/TouchKeyboardHandwritingModeAvailability
  • TextInput/TouchKeyboardNarrowModeAvailability
  • TextInput/TouchKeyboardSplitModeAvailability
  • TextInput/TouchKeyboardWideModeAvailability|
+|[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Status
  • ShellLauncher
  • StatusConfiguration

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.|
+|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
  • MaintainProcessorArchitectureOnUpdate| ## January 2018 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Policy CSP

    Added the following new policies for Windows 10, version 1803:

    -
      -
    • Browser/AllowConfigurationUpdateForBooksLibrary
    • -
    • Browser/AlwaysEnableBooksLibrary
    • -
    • Browser/EnableExtendedBooksTelemetry
    • -
    • Browser/UseSharedFolderForBooks
    • -
    • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
    • -
    • DeliveryOptimization/DODelayForegroundDownloadFromHttp
    • -
    • DeliveryOptimization/DOGroupIdSource
    • -
    • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
    • -
    • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
    • -
    • DeliveryOptimization/DORestrictPeerSelectionBy
    • -
    • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
    • -
    • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
    • -
    • KioskBrowser/BlockedUrlExceptions
    • -
    • KioskBrowser/BlockedUrls
    • -
    • KioskBrowser/DefaultURL
    • -
    • KioskBrowser/EnableHomeButton
    • -
    • KioskBrowser/EnableNavigationButtons
    • -
    • KioskBrowser/RestartOnIdleTime
    • -
    • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
    • -
    • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
    • -
    • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
    • -
    • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
    • -
    • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
    • -
    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
    • -
    • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
    • -
    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
    • -
    • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
    • -
    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
    • -
    • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
    • -
    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
    • -
    • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
    • -
    • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
    • -
    • RestrictedGroups/ConfigureGroupMembership
    • -
    • Search/AllowCortanaInAAD
    • -
    • Search/DoNotUseWebResults
    • -
    • Security/ConfigureWindowsPasswords
    • -
    • System/FeedbackHubAlwaysSaveDiagnosticsLocally
    • -
    • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
    • -
    • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
    • -
    • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
    • -
    • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
    • -
    • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
    • -
    • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
    • -
    • TaskScheduler/EnableXboxGameSaveTask
    • -
    • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
    • -
    • Update/ConfigureFeatureUpdateUninstallPeriod
    • -
    • UserRights/AccessCredentialManagerAsTrustedCaller
    • -
    • UserRights/AccessFromNetwork
    • -
    • UserRights/ActAsPartOfTheOperatingSystem
    • -
    • UserRights/AllowLocalLogOn
    • -
    • UserRights/BackupFilesAndDirectories
    • -
    • UserRights/ChangeSystemTime
    • -
    • UserRights/CreateGlobalObjects
    • -
    • UserRights/CreatePageFile
    • -
    • UserRights/CreatePermanentSharedObjects
    • -
    • UserRights/CreateSymbolicLinks
    • -
    • UserRights/CreateToken
    • -
    • UserRights/DebugPrograms
    • -
    • UserRights/DenyAccessFromNetwork
    • -
    • UserRights/DenyLocalLogOn
    • -
    • UserRights/DenyRemoteDesktopServicesLogOn
    • -
    • UserRights/EnableDelegation
    • -
    • UserRights/GenerateSecurityAudits
    • -
    • UserRights/ImpersonateClient
    • -
    • UserRights/IncreaseSchedulingPriority
    • -
    • UserRights/LoadUnloadDeviceDrivers
    • -
    • UserRights/LockMemory
    • -
    • UserRights/ManageAuditingAndSecurityLog
    • -
    • UserRights/ManageVolume
    • -
    • UserRights/ModifyFirmwareEnvironment
    • -
    • UserRights/ModifyObjectLabel
    • -
    • UserRights/ProfileSingleProcess
    • -
    • UserRights/RemoteShutdown
    • -
    • UserRights/RestoreFilesAndDirectories
    • -
    • UserRights/TakeOwnership
    • -
    • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
    • -
    • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
    • -
    • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
    • -
    • WindowsDefenderSecurityCenter/HideSecureBoot
    • -
    • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
    • -
    -

    Added the following policies the were added in Windows 10, version 1709

    -
      -
    • DeviceLock/MinimumPasswordAge
    • -
    • Settings/AllowOnlineTips
    • -
    • System/DisableEnterpriseAuthProxy
    • -
    -

    Security/RequireDeviceEncryption - updated to show it is supported in desktop.

    -
    BitLocker CSP

    Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

    -
    EnterpriseModernAppManagement CSP

    Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.

    -
    DMClient CSP

    Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

    -
      -
    • AADSendDeviceToken
    • -
    • BlockInStatusPage
    • -
    • AllowCollectLogsButton
    • -
    • CustomErrorText
    • -
    • SkipDeviceStatusPage
    • -
    • SkipUserStatusPage
    • -
    -
    Defender CSP

    Added new node (OfflineScan) in Windows 10, version 1803.

    -
    UEFI CSP

    Added a new CSP in Windows 10, version 1803.

    -
    Update CSP

    Added the following nodes in Windows 10, version 1803:

    -
      -
    • Rollback
    • -
    • Rollback/FeatureUpdate
    • -
    • Rollback/QualityUpdateStatus
    • -
    • Rollback/FeatureUpdateStatus
    • -
    -
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Browser/AllowConfigurationUpdateForBooksLibrary
  • Browser/AlwaysEnableBooksLibrary
  • Browser/EnableExtendedBooksTelemetry
  • Browser/UseSharedFolderForBooks
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
  • DeliveryOptimization/DOGroupIdSource
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
  • DeliveryOptimization/DORestrictPeerSelectionBy
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
  • KioskBrowser/BlockedUrlExceptions
  • KioskBrowser/BlockedUrls
  • KioskBrowser/DefaultURL
  • KioskBrowser/EnableHomeButton
  • KioskBrowser/EnableNavigationButtons
  • KioskBrowser/RestartOnIdleTime
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • RestrictedGroups/ConfigureGroupMembership
  • Search/AllowCortanaInAAD
  • Search/DoNotUseWebResults
  • Security/ConfigureWindowsPasswords
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
  • TaskScheduler/EnableXboxGameSaveTask
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
  • Update/ConfigureFeatureUpdateUninstallPeriod
  • UserRights/AccessCredentialManagerAsTrustedCaller
  • UserRights/AccessFromNetwork
  • UserRights/ActAsPartOfTheOperatingSystem
  • UserRights/AllowLocalLogOn
  • UserRights/BackupFilesAndDirectories
  • UserRights/ChangeSystemTime
  • UserRights/CreateGlobalObjects
  • UserRights/CreatePageFile
  • UserRights/CreatePermanentSharedObjects
  • UserRights/CreateSymbolicLinks
  • UserRights/CreateToken
  • UserRights/DebugPrograms
  • UserRights/DenyAccessFromNetwork
  • UserRights/DenyLocalLogOn
  • UserRights/DenyRemoteDesktopServicesLogOn
  • UserRights/EnableDelegation
  • UserRights/GenerateSecurityAudits
  • UserRights/ImpersonateClient
  • UserRights/IncreaseSchedulingPriority
  • UserRights/LoadUnloadDeviceDrivers
  • UserRights/LockMemory
  • UserRights/ManageAuditingAndSecurityLog
  • UserRights/ManageVolume
  • UserRights/ModifyFirmwareEnvironment
  • UserRights/ModifyObjectLabel
  • UserRights/ProfileSingleProcess
  • UserRights/RemoteShutdown
  • UserRights/RestoreFilesAndDirectories
  • UserRights/TakeOwnership
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
  • WindowsDefenderSecurityCenter/HideSecureBoot
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

    Added the following policies the were added in Windows 10, version 1709
  • DeviceLock/MinimumPasswordAge
  • Settings/AllowOnlineTips
  • System/DisableEnterpriseAuthProxy

    Security/RequireDeviceEncryption - updated to show it is supported in desktop.|
+|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
+|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
  • AADSendDeviceToken
  • BlockInStatusPage
  • AllowCollectLogsButton
  • CustomErrorText
  • SkipDeviceStatusPage
  • SkipUserStatusPage|
+|[Defender CSP](defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.|
+|[UEFI CSP](uefi-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[Update CSP](update-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Rollback
  • Rollback/FeatureUpdate
  • Rollback/QualityUpdateStatus
  • Rollback/FeatureUpdateStatus| ## December 2017 - ---- - - - - - - - - - - - -
    New or updated articleDescription
    Configuration service provider reference

    Added new section CSP DDF files download

    -
    +|New or updated article|Description| +|--- |--- | +|[Configuration service provider reference](configuration-service-provider-reference.md)|Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)| ## November 2017 - ---- - - - - - - - - - - - -
    New or updated articleDescription
    Policy CSP

    Added the following policies for Windows 10, version 1709:

    -
      -
    • Authentication/AllowFidoDeviceSignon
    • -
    • Cellular/LetAppsAccessCellularData
    • -
    • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
    • -
    • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
    • -
    • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
    • -
    • Start/HidePeopleBar
    • -
    • Storage/EnhancedStorageDevices
    • -
    • Update/ManagePreviewBuilds
    • -
    • WirelessDisplay/AllowMdnsAdvertisement
    • -
    • WirelessDisplay/AllowMdnsDiscovery
    • -
    -

    Added missing policies from previous releases:

    -
      -
    • Connectivity/DisallowNetworkConnectivityActiveTest
    • -
    • Search/AllowWindowsIndexer
    • -
    -
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
  • Authentication/AllowFidoDeviceSignon
  • Cellular/LetAppsAccessCellularData
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
  • Start/HidePeopleBar
  • Storage/EnhancedStorageDevices
  • Update/ManagePreviewBuilds
  • WirelessDisplay/AllowMdnsAdvertisement
  • WirelessDisplay/AllowMdnsDiscovery

    Added missing policies from previous releases:
  • Connectivity/DisallowNetworkConnectivityActiveTest
  • Search/AllowWindowsIndexer| ## October 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Policy DDF file

    Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.

    -
    Policy CSP

    Updated the following policies:

    -
      -
    • Defender/ControlledFolderAccessAllowedApplications - string separator is |.
    • -
    • Defender/ControlledFolderAccessProtectedFolders - string separator is |.
    • -
    -
    eUICCs CSP

    Added new CSP in Windows 10, version 1709.

    -
    AssignedAccess CSP

    Added SyncML examples for the new Configuration node.

    -
    DMClient CSP

    Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

    -
+| New or updated article | Description |
+| --- | --- |
+| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
+| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:

    - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`
    - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | +| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | +| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | +| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. | ## September 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Policy CSP

    Added the following new policies for Windows 10, version 1709:

    -
      -
    • Authentication/AllowAadPasswordReset
    • -
    • Handwriting/PanelDefaultModeDocked
    • -
    • Search/AllowCloudSearch
    • -
    • System/LimitEnhancedDiagnosticDataWindowsAnalytics
    • -
    -

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.

    -
    AssignedAccess CSP

    Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.

    -
    Microsoft Store for Business and Microsoft Store

    Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

    -
    The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2

    The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

    -
      -
    • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
    • -
    • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
    • -
    • DomainName - fully qualified domain name if the device is domain-joined.
    • -
    -

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

    -
    EnterpriseAPN CSP

    Added a SyncML example.

    -
    VPNv2 CSP

    Added RegisterDNS setting in Windows 10, version 1709.

    -
    Enroll a Windows 10 device automatically using Group Policy

    Added new topic to introduce a new Group Policy for automatic MDM enrollment.

    -
    MDM enrollment of Windows-based devices

    New features in the Settings app:

    -
      -
    • User sees installation progress of critical policies during MDM enrollment.
    • -
    • User knows what policies, profiles, apps MDM has configured
    • -
    • IT helpdesk can get detailed MDM diagnostic information using client tools
    • -
    -

    For details, see Managing connections and Collecting diagnostic logs

    -
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Authentication/AllowAadPasswordReset
  • Handwriting/PanelDefaultModeDocked
  • Search/AllowCloudSearch
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.|
+|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.|
+|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.|
+|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.|
+|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.|
+|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
  • User sees installation progress of critical policies during MDM enrollment.
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools

    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| ## August 2017 - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    New or updated articleDescription
    Enable ADMX-backed policies in MDM

    Added new step-by-step guide to enable ADMX-backed policies.

    -
    Mobile device enrollment

    Added the following statement:

    -
      -
    • Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
    • -
    -
    CM_CellularEntries CSP

    Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.

    -
    EnterpriseDataProtection CSP

    Updated the Settings/EDPEnforcementLevel values to the following:

    -
      -
    • 0 (default) – Off / No protection (decrypts previously protected data).
    • -
    • 1 – Silent mode (encrypt and audit only).
    • -
    • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
    • -
    • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
    • -
    -
    AppLocker CSP

    Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allow list examples.

    -
    DeviceManageability CSP

    Added the following settings in Windows 10, version 1709:

    -
      -
    • Provider/ProviderID/ConfigInfo
    • -
    • Provider/ProviderID/EnrollmentInfo
    • -
    -
    Office CSP

    Added the following setting in Windows 10, version 1709:

    -
      -
    • Installation/CurrentStatus
    • -
    -
    BitLocker CSPAdded information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. -
    Firewall CSPUpdated the CSP and DDF topics. Here are the changes: -
      -
    • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
    • -
    • Changed some data types from integer to bool.
    • -
    • Updated the list of supported operations for some settings.
    • -
    • Added default values.
    • -
    -
    Policy DDF fileAdded another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies: -
      -
    • Browser/AllowMicrosoftCompatibilityList
    • -
    • Update/DisableDualScan
    • -
    • Update/FillEmptyContentUrls
    • -
    -
    Policy CSP

    Added the following new policies for Windows 10, version 1709:

    -
      -
    • Browser/ProvisionFavorites
    • -
    • Browser/LockdownFavorites
    • -
    • ExploitGuard/ExploitProtectionSettings
    • -
    • Games/AllowAdvancedGamingServices
    • -
    • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
    • -
    • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
    • -
    • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
    • -
    • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
    • -
    • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
    • -
    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
    • -
    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
    • -
    • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
    • -
    • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
    • -
    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
    • -
    • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
    • -
    • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    • -
    • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
    • -
    • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
    • -
    • Privacy/EnableActivityFeed
    • -
    • Privacy/PublishUserActivities
    • -
    • Update/DisableDualScan
    • -
    • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
    • -
    -

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    -

    Changed the names of the following policies:

    -
      -
    • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
    • -
    • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
    • -
    • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
    • -
    -

    Added links to the additional ADMX-backed BitLocker policies.

    -

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:

    -
      -
    • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
    • -
    • Start/HideAppList
    • -
    -
    \ No newline at end of file +|New or updated article|Description| +|--- |--- | +|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| +|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| +|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:
  • 0 (default) – Off / No protection (decrypts previously protected data).
  • 1 – Silent mode (encrypt and audit only).
  • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
  • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| +|[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allow list examples](applocker-csp.md#allow-list-examples).| +|[DeviceManageability CSP](devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
  • Provider/ProviderID/ConfigInfo
  • Provider/ProviderID/EnrollmentInfo| +|[Office CSP](office-csp.md)|Added the following setting in Windows 10, version 1709:
  • Installation/CurrentStatus| +|[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| +|[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
  • Changed some data types from integer to bool.
  • Updated the list of supported operations for some settings.
  • Added default values.| +|[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
  • Browser/AllowMicrosoftCompatibilityList
  • Update/DisableDualScan
  • Update/FillEmptyContentUrls| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Browser/ProvisionFavorites
  • Browser/LockdownFavorites
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Privacy/EnableActivityFeed
  • Privacy/PublishUserActivities
  • Update/DisableDualScan
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    Changed the names of the following policies:
  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

    Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
  • Start/HideAppList|
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 437a1a48c2..9f6ac68165 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer:
 manager: dansimp
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 6b38990ac1..05259b7621 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index ffb8f4fa5d..1a39403fad 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 07/30/2021
 ---
@@ -227,11 +227,11 @@ Optional. Specifies where to keep the private key. The data type is an integer corresponding to one of the following values: -| Value | Description | -|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 1 | Private key protected by TPM. | -| 2 | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1. | -| 3 | (Default) Private key saved in software KSP. | +| Value | Description | +|---|---| +| 1 | Private key protected by TPM. | +| 2 | Private key protected by phone TPM if the device supports TPM. | +| 3 | (Default) Private key saved in software KSP. | | 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specified, otherwise enrollment will fail. | Supported operations are Add, Get, Delete, and Replace. @@ -361,7 +361,7 @@ The date type format is Null, meaning this node doesn’t contain a value. The only supported operation is Execute. **ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList** -Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail. +Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail. Data type is string. diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index ed787a3b0f..46bb00affa 100644 
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- @@ -556,21 +556,22 @@ Supported operations are Get, Add, Delete, Replace. 3 Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN. -SCEP enrolled cert doesn’t support TPM PIN protection. -Supported values: + +SCEP enrolled cert doesn’t support TPM PIN protection. Supported values: + 1 – private key protected by TPM, 2 – private key protected by phone TPM if the device supports TPM. -All Windows Phone 8.1 devices support TPM and will treat value 2 as 1 3 (default) – private key saved in software KSP -4 – private key protected by NGC. If this option is specified, container name should be specifed, if not enrollment will fail +4 – private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail. Format is int. Supported operations are Get, Add, Delete, Replace + diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index c8c467fcc9..7886a382f6 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 08/02/2017 --- diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index b4008efbaf..a9652c71d0 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md 
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 38f3483fda..d843207762 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 5c1c136c23..d0ca95bb1d 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 8c85cf952f..47a47c403e 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -8,13 +8,14 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 09/18/2020 +ms.collection: highpri --- # Configuration service provider reference -A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. +A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot. For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download). @@ -34,9 +35,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -46,9 +47,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| 
@@ -58,9 +59,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -70,21 +71,21 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| -[APPLICATION CSP](application-csp.md) +[Application CSP](application-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -94,9 +95,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -106,9 +107,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -118,21 +119,21 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| -[BOOTSTRAP CSP](bootstrap-csp.md) +[Bootstrap CSP](bootstrap-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -142,21 +143,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| - - - - - -[BrowserFavorite CSP](browserfavorite-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -166,9 +155,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -178,9 +167,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -190,9 +179,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -202,9 +191,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -214,9 +203,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -226,9 +215,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -238,9 +227,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -250,9 +239,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -262,9 +251,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -274,9 +263,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -286,9 +275,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -298,9 +287,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -310,9 +299,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -322,9 +311,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -334,9 +323,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -346,9 +335,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -358,9 +347,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -370,9 +359,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -382,9 +371,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -394,9 +383,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -406,21 +395,21 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| -[EMAIL2 CSP](email2-csp.md) +[EMail2 CSP](email2-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -430,9 +419,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -442,9 +431,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -454,9 +443,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -464,23 +453,9 @@ Additional lists: [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| - - - - - -[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -490,9 +465,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes
    [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes
    [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes| @@ -502,33 +477,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| - - - - - -[EnterpriseExt CSP](enterpriseext-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| - - - - - -[EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -538,9 +489,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -550,21 +501,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| - - - - - -[FileSystem CSP](filesystem-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -574,9 +513,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| 
@@ -586,21 +525,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| - - - - - -[HotSpot CSP](hotspot-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -610,20 +537,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile|Mobile Enterprise| -|--- |--- |--- |--- |--- |--- |--- | -|Yes|Yes|No|Yes|Yes|No|No| - - - - -[Maps CSP](maps-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|No|Yes|Yes| @@ -633,9 +549,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -645,9 +561,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -657,9 +573,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -669,9 +585,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -681,9 +597,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| 
@@ -693,9 +609,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -705,9 +621,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -717,33 +633,33 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| -[PROXY CSP](proxy-csp.md) +[Proxy CSP](proxy-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| -[PXLOGICAL CSP](pxlogical-csp.md) +[PXLogical CSP](pxlogical-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -753,9 +669,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -765,9 +681,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes| @@ -777,9 +693,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -789,9 +705,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -801,9 +717,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -813,21 +729,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| - - - - - -[Registry CSP](registry-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -837,21 +741,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| - - - - - -[RemoteLock](remotelock-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -861,9 +753,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -873,9 +765,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -885,9 +777,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -897,9 +789,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -909,9 +801,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -921,9 +813,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -933,9 +825,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -945,9 +837,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -957,9 +849,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -969,9 +861,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -981,9 +873,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| 
@@ -993,9 +885,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1005,9 +897,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1017,9 +909,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes| @@ -1029,9 +921,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1041,9 +933,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|No|No|No|No| @@ -1053,21 +945,21 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| -[W4 APPLICATION CSP](w4-application-csp.md) +[W4 Application CSP](w4-application-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| @@ -1077,9 +969,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| 
@@ -1089,9 +981,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1101,9 +993,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1113,9 +1005,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1125,9 +1017,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|No| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| @@ -1138,21 +1030,9 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|Yes|Yes|Yes|Yes|Yes|Yes| - - - - - -[WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) - - - -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|No|No|No|No|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes| @@ -1162,21 +1042,21 @@ Additional lists: -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -|No|Yes|Yes|Yes|Yes|Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes| -[w7 APPLICATION CSP](w7-application-csp.md) +[w7 Application CSP](w7-application-csp.md) -|Home|Pro|Business|Enterprise|Education|Mobile| -|--- |--- |--- |--- |--- |--- | -||||||Yes| +|Home|Pro|Business|Enterprise|Education| +|--- |--- |--- |--- |--- | +|||||| 
@@ -1241,7 +1121,7 @@ The following list shows the CSPs supported in HoloLens devices: > [!NOTE] > Support in Surface Hub is limited to **Domain\ComputerName**. - [AccountManagement CSP](accountmanagement-csp.md) -- [APPLICATION CSP](application-csp.md) +- [Application CSP](application-csp.md) - [CertificateStore CSP](certificatestore-csp.md) - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) - [Defender CSP](defender-csp.md) @@ -1255,6 +1135,7 @@ The following list shows the CSPs supported in HoloLens devices: - [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) - [Firewall-CSP](firewall-csp.md) - [HealthAttestation CSP](healthattestation-csp.md) +- [NetworkProxy CSP](networkproxy-csp.md) - [NetworkQoSPolicy CSP](networkqospolicy-csp.md) - [NodeCache CSP](nodecache-csp.md) - [PassportForWork CSP](passportforwork-csp.md) @@ -1273,7 +1154,7 @@ The following list shows the CSPs supported in HoloLens devices: ## CSPs supported in Windows 10 IoT Core - [AllJoynManagement CSP](alljoynmanagement-csp.md) -- [APPLICATION CSP](application-csp.md) +- [Application CSP](application-csp.md) - [CertificateStore CSP](certificatestore-csp.md) - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) - [CustomDeviceUI CSP](customdeviceui-csp.md) diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 2645a75e3f..7a4eb3b5e1 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md index 7623b155f2..40621f8a86 100644 --- a/windows/client-management/mdm/customdeviceui-ddf.md +++ b/windows/client-management/mdm/customdeviceui-ddf.md 
@@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index b20c4ce200..4621e9a56d 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -1,17 +1,17 @@ --- title: Data structures for Microsoft Store for Business +description: Learn about the various data structures for Microsoft Store for Business. MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B ms.reviewer: manager: dansimp -description: Learn about data structures for Microsoft Store for Business. ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 09/18/2017 --- @@ -105,7 +105,7 @@ Specifies the properties of the alternate identifier. |lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.| |licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.| |distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)|| -|Status|[InventoryStatus](#inventorystatus)|| +|status|[InventoryStatus](#inventorystatus)|| ## InventoryResultSet 
@@ -191,20 +191,19 @@ Specifies the properties of the localized product. |packageFamilyName|String|| |supportedPlatforms|Collection of [ProductPlatform](#productplatform)|| - ## ProductImage Specifies the properties of the product image. |Name|Type|Description| |--- |--- |--- | -|Location|URI|Location of the download image.| -|Purpose|String|Tag for the purpose of the image, for example "screenshot" or "logo".| -|Height|String|Height of the image in pixels.| -|Width|String|Width of the image in pixels.| -|Caption|String|Unlimited length.| -|backgroundColor|String|Format "#RRGGBB"| -|foregroundColor|String|Format "#RRGGBB"| +|location|URI|Location of the download image.| +|purpose|string|Tag for the image, for example "screenshot" or "logo".| +|height|string|Height of the image in pixels.| +|width|string|Width of the image in pixels.| +|caption|string|Unlimited length.| +|backgroundColor|string|Format "#RRGGBB"| +|foregroundColor|string|Format "#RRGGBB"| |fileSize|integer-64|Size of the file.| ## ProductKey diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 0880239fe6..fe6514f5c2 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 07/23/2021 --- diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 9466edec32..7a1c219d01 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 03/27/2020 --- 
@@ -77,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r Supported operation is Get. **SwV** -Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge. +Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge. Supported operation is Get. @@ -114,6 +114,8 @@ Supported operation is Get. This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. + + **Ext/Microsoft/RadioSwV** Required. Returns the radio stack software version number. diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index de26ad8620..29a697c6d8 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/03/2020 --- diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index f36f744684..b27c178d3c 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2018 --- 
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md index 21afb0f2a6..13d4a19b6a 100644 --- a/windows/client-management/mdm/developersetup-ddf.md +++ b/windows/client-management/mdm/developersetup-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index b1d7b62247..22f1b88991 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -9,8 +9,9 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 11/15/2017 +ms.collection: highpri --- diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md index ac6286d7d6..f0d67e6950 100644 --- a/windows/client-management/mdm/devicelock-csp.md +++ b/windows/client-management/mdm/devicelock-csp.md @@ -8,12 +8,15 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- # DeviceLock CSP +This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead. + + + ## Related articles +[Policy CSP](policy-configuration-service-provider.md) [Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md index eb63ef11fe..c396396f46 100644 --- a/windows/client-management/mdm/devicelock-ddf-file.md +++ b/windows/client-management/mdm/devicelock-ddf-file.md 
@@ -8,12 +8,15 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- # DeviceLock DDF file +This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead. + + ## Related topics +[Policy CSP](policy-configuration-service-provider.md) [DeviceLock configuration service provider](devicelock-csp.md) - -  - -  - - - - - - diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 99d2930eff..c964ed065c 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 4cb0c7f58b..ca69075d3a 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 49ae03d4b5..f87acbed2e 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/25/2021 --- diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index fbdf08a6d0..4b820066f6 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md 
@@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 03/12/2018 --- diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md index e9c0979c67..670c0d736e 100644 --- a/windows/client-management/mdm/devinfo-csp.md +++ b/windows/client-management/mdm/devinfo-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index aec2b4cc91..3cf4154682 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index 92ed52968c..5dc126771b 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -8,8 +8,9 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/25/2018 +ms.collection: highpri --- # Diagnose MDM failures in Windows 10 
@@ -35,12 +36,12 @@ To help diagnose enrollment or device management issues in Windows 10 devices m You can also collect the MDM Diagnostic Information logs using the following command: ```xml -mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab +mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip ``` - In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report. -### Understanding cab structure -The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub +### Understanding zip structure +The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub - DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls - DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index d232842e12..fb9c555681 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 11/19/2019 --- 
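Review bot: The updated example still writes the archive to `c:\users\public\documents\`, which by default any local account can read, while the archive holds the enrollment, provisioning and Autopilot logs listed further down in this hunk. Consider adding a sentence after the fence such as `After collecting MDMDiagReport.zip, move it to a folder restricted to administrators or delete it.` The unchanged line after the fence still sends readers to `c:\Users\Public\Documents\MDMDiagnostics`, which does not appear to match the `-zip` output path now shown. The fence is also tagged `xml` although it holds a command line; `console` would describe it better.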
@@ -246,7 +246,15 @@ la--- 1/4/2021 2:45 PM 1 la--- 1/4/2021 2:45 PM 2 la--- 12/2/2020 6:27 PM 2701 results.xml ``` -Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was HKLM\Software\Policies then folder `1` will contain the corresponding `export.reg` file. +Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. +For example, the first directive was: + +```xml + + HKLM\Software\Policies + +``` +then folder `1` will contain the corresponding `export.reg` file. The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed. diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index f635ed44c6..0f25053a37 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 5f48d033a0..a9e4996ee9 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md 
@@ -11,7 +11,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md index e7e340552c..9b4f0785ff 100644 --- a/windows/client-management/mdm/dmacc-csp.md +++ b/windows/client-management/mdm/dmacc-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index b10dcad38a..2d1d256133 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 592daf59ec..7731b4fe08 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 11/01/2017 --- diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index c5ba87da90..9121cdc2b4 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index 1dbe4932a9..67d29f0ce3 100644 
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -18,14 +18,14 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- # DMProcessConfigXMLFiltered function > [!Important] -> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses. +> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses. Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios. @@ -45,7 +45,7 @@ Microsoft recommends that this function isn't used to configure the following ty - Email settings > [!Note] -> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10. +> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10. @@ -54,37 +54,29 @@ Microsoft recommends that this function isn't used to configure the following ty ```C++ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered( LPCWSTR pszXmlIn, - const WCHAR   **rgszAllowedCspNode, - const DWORD   dwNumAllowedCspNodes, - BSTR    *pbstrXmlOut + const WCHAR **rgszAllowedCspNode, + const DWORD dwNumAllowedCspNodes, + BSTR *pbstrXmlOut ); ``` ## Parameters *pszXmlIn* -
      -
    • [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. DMProcessConfigXMLFiltered accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).
    • -
    -
    + +- [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML). *rgszAllowedCspNode* -
      -
    • [in] Array of WCHAR\* that specify which configuration service provider nodes can be invoked.
    • -
    -
    + +- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked. *dwNumAllowedCspNodes* -
      -
    • [in] Number of elements passed in rgszAllowedCspNode.
    • -
    -
    + +- [in] Number of elements passed in rgszAllowedCspNode. *pbstrXmlOut* -
      -
    • [out] The resulting null–terminated XML from configuration. The caller of DMProcessConfigXMLFiltered is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use SysFreeString to free the memory.
    • -
    -
    + +- [out] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use **SysFreeString** to free the memory. If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned. diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index ffdfc3e2b7..e37075e180 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index 61b4b4754a..7cebc030ce 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 3b59ea0c12..37a56ed643 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md 
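Review bot: The new description of *rgszAllowedCspNode*, "Array of `WCHAR`", drops the pointer that the removed text had (`WCHAR\*`), so it no longer agrees with the signature in this same hunk, `const WCHAR **rgszAllowedCspNode`. Each element is a string naming a configuration service provider node, and this array is the allow-list that bounds what the provisioning XML may invoke, so the type is worth stating exactly: `- [in] Array of WCHAR* strings that specify which configuration service provider nodes can be invoked.` The text says *pszXmlIn* is null-terminated but says nothing equivalent for these strings; whether that applies cannot be told from the hunk, so it should be confirmed and documented.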
@@ -5,10 +5,11 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 ms.reviewer: manager: dansimp +ms.collection: highpri --- # DynamicManagement CSP diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md index 2690fa4e23..5bf20a535b 100644 --- a/windows/client-management/mdm/dynamicmanagement-ddf.md +++ b/windows/client-management/mdm/dynamicmanagement-ddf.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 2ef69ad6c3..37f0269edb 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md index de7b12c65f..d84509518f 100644 --- a/windows/client-management/mdm/email2-csp.md +++ b/windows/client-management/mdm/email2-csp.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index 4f11b5b64d..11c6ba0946 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.date: 12/05/2017 --- 
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index bf6cf8cc1e..2ab4830667 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman +author: dansimp ms.localizationpriority: medium ms.date: 11/01/2017 ms.reviewer: diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 4dfc661666..1bb3dbc3a7 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -6,13 +6,18 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 10/14/2021 +ms.date: 01/03/2022 ms.reviewer: manager: dansimp +ms.collection: highpri --- # Enroll a Windows 10 device automatically using Group Policy +**Applies to:** + +- Windows 10 + Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices. The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account. 
@@ -44,11 +49,12 @@ For this policy to work, you must verify that the MDM service provider allows th ## Verify auto-enrollment requirements and settings To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. The following steps demonstrate required settings using the Intune service: -1. Verify that the user who is going to enroll the device has a valid Intune license. - ![Intune license verification.](images/auto-enrollment-intune-license-verification.png) +1. Verify that the user who is going to enroll the device has a valid Endpoint Protection Manager license. -2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). + :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png"::: + +2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM). For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). ![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png) 
@@ -78,7 +84,7 @@ The following steps demonstrate required settings using the Intune service: 6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**. - ![Mobility setting MDM intune.](images/auto-enrollment-microsoft-intune-setting.png) + :::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png"::: 7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully. @@ -87,7 +93,7 @@ You may contact your domain administrators to verify if the group policy has bee 9. Verify that Microsoft Intune should allow enrollment of Windows devices. - ![Enrollment of Windows devices.](images/auto-enrollment-enrollment-of-windows-devices.png) + :::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png"::: ## Configure the auto-enrollment Group Policy for a single PC 
@@ -108,12 +114,11 @@ Requirements: 3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**. - > [!div class="mx-imgBorder"] - > ![MDM policies.](images/autoenrollment-mdm-policies.png) + :::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png"::: 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. - ![MDM autoenrollment policy.](images/autoenrollment-policy.png) + :::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png"::: 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. @@ -154,7 +159,7 @@ Requirements: 3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**. - ![Auto-enrollment scheduled task.](images/autoenrollment-scheduled-task.png) + :::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png"::: To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab. 
@@ -190,6 +195,9 @@ Requirements: - 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124) + - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667) + + 2. Install the package on the Domain Controller. 3. Navigate, depending on the version to the folder: @@ -208,11 +216,13 @@ Requirements: - 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)** + - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)** + 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**. -5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**. +5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**. - If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. + If this folder does not exist, then be aware that you will be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain. 6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available. 
@@ -239,21 +249,21 @@ To collect Event Viewer logs: 3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully: - ![Event ID 75.](images/auto-enrollment-troubleshooting-event-id-75.png) + :::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png"::: If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons: - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed: - ![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png) + :::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png"::: - To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information. - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. 
This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: - ![Task scheduler.](images/auto-enrollment-task-scheduler.png) + :::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png"::: > [!Note] > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task. 
@@ -262,24 +272,24 @@ To collect Event Viewer logs: **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. - ![Event ID 107.](images/auto-enrollment-event-id-107.png) + :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: When the task is completed, a new event ID 102 is logged. - ![Event ID 102.](images/auto-enrollment-event-id-102.png) + :::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png"::: Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: - ![Outdated enrollment entries.](images/auto-enrollment-outdated-enrollment-entries.png) + :::image type="content" alt-text="Outdated enrollment entries." 
source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png"::: By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot: - ![Manually deleted entries.](images/auto-enrollment-activation-verification-less-entries.png) + :::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png"::: ### Related topics 
@@ -288,13 +298,14 @@ To collect Event Viewer logs: - [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11)) - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11)) - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11)) -- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) -- [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints) +- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) +- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints) - [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684) - [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) ### Useful Links +- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667) - [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124) - [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591) - [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495) 
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 98739efcb1..75870e43e0 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.date: 05/17/2019
 ---
 
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 54e9da339c..3b4e865ccb 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: ManikaDhiman
+author: dansimp
 ms.date: 05/21/2019
 ---
 
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index f82e763f75..2b50af966e 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 09/22/2017
 ---
 
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 5e7af9b60d..60e6f5ba4a 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ---
 
diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md
index 1910df9821..4192b8bdcc 100644
--- a/windows/client-management/mdm/enterpriseappmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -18,8 +18,7 @@ ms.date: 06/26/2017 The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. > [!NOTE] -> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. - +> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core. The following shows the EnterpriseAppManagement configuration service provider in tree format.
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index cb948488da..5833aa9062 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer:
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 8cf951cf55..1c18aff981 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
 ms.date: 12/05/2017
 ms.reviewer:
 manager: dansimp
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
deleted file mode 100644
index db8f48e055..0000000000
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ /dev/null
@@ -1,1116 +0,0 @@ ---- -title: EnterpriseAssignedAccess CSP -description: Use the EnterpriseAssignedAccess configuration service provider (CSP) to configure custom layouts on a device. -ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: manikadhiman -ms.date: 07/12/2017 ---- - -# EnterpriseAssignedAccess CSP - - -The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching. - -> [!NOTE] -> The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. - -For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). - -The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. - -```console -./Vendor/MSFT -EnterpriseAssignedAccess -----AssignedAccess ---------AssignedAccessXml -----LockScreenWallpaper ---------BGFileName -----Theme ---------ThemeBackground ---------ThemeAccentColorID ---------ThemeAccentColorValue -----Clock ---------TimeZone -----Locale ---------Language -``` - -The following list shows the characteristics and parameters. - -**./Vendor/MSFT/EnterpriseAssignedAccess/** -The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace. - -**AssignedAccess/** -The parent node of assigned access XML. 
- -**AssignedAccess/AssignedAccessXml** -The XML code that controls the assigned access settings that will be applied to the device. - -Supported operations are Add, Delete, Get and Replace. - -The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML. - -> [!IMPORTANT] -> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability. - -When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters. - -Entry | Description ------------ | ------------ -ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center. -ActionCenter | Example: `` -ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md) -ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `` -ActionCenter | These optional attributes are independent of each other. 
In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `` -StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx. -StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `Large` -Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. -Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `` -Application | modern app notification -Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically. 
- -Application example: -```xml - - - Large - - 0 - 2 - - - -``` - -Entry | Description ------------ | ------------ -Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. The following example shows how to pin both Outlook mail and Outlook calendar. - -Application example: -```xml - - - - - Large - - 1 - 4 - - - - - - - Large - - 1 - 6 - - - - -``` - -Entry | Description ------------ | ------------ -Folder | A folder should be contained in `` node among with other `` nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder. - -Folder example: -```xml - - - Large - - 0 - 2 - - - -``` -An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder. - -```xml - - - Medium - - 0 - 0 - - 2 - - -``` - -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages. - -
      -
    • System (main menu) - SettingsPageGroupPCSystem -
        -
      • Display - SettingsPageDisplay
      • -
      • Notifications & actions - SettingsPageAppsNotifications
      • -
      • Phone - SettingsPageCalls
      • -
      • Messaging - SettingsPageMessaging
      • -
      • Battery saver - SettingsPageBatterySaver
      • -
      • Storage - SettingsPageStorageSenseStorageOverview
      • -
      • Driving mode - SettingsPageDrivingMode
      • -
      • Offline maps - SettingsPageMaps
      • -
      • About - SettingsPagePCSystemInfo
      • -
      • Apps for websites - SettingsPageAppsForWebsites
      • -
    • -
    • Devices (main menu) - SettingsPageGroupDevices -
        -
      • Default camera - SettingsPagePhotos
      • -
      • Bluetooth - SettingsPagePCSystemBluetooth
      • -
      • NFC - SettingsPagePhoneNFC
      • -
      • Mouse - SettingsPageMouseTouchpad
      • -
      • USB - SettingsPageUsb
      • -
    • -
    • Network and wireless (main menu) - SettingsPageGroupNetwork -
        -
      • Cellular and SIM - SettingsPageNetworkCellular
      • -
      • Wi-Fi - SettingsPageNetworkWiFi
      • -
      • Airplane mode - SettingsPageNetworkAirplaneMode
      • -
      • Data usage - SettingsPageDataSenseOverview
      • -
      • Mobile hotspot - SettingsPageNetworkMobileHotspot
      • -
      • VPN - SettingsPageNetworkVPN
      • -
      • -
    • -
    • Personalization (main menu) - SettingsPageGroupPersonalization -
        -
      • Start - SettingsPageBackGround
      • -
      • Colors - SettingsPageColors
      • -
      • Sounds - SettingsPageSounds
      • -
      • Lock screen - SettingsPageLockscreen
      • -
      • Glance - SettingsPageGlance
      • -
      • Navigation bar - SettingsNavigationBar
      • -
    • -
    • Accounts (main menu) - SettingsPageGroupAccounts -
        -
      • Your account - SettingsPageAccountsPicture
      • -
      • Sign-in options - SettingsPageAccountsSignInOptions
      • -
      • Work access - SettingsPageWorkAccess
      • -
      • Sync your settings - SettingsPageAccountsSync
      • -
      • Apps corner* - SettingsPageAppsCorner
      • -
      • Email - SettingsPageAccountsEmailApp
      • -
    • -
    • Time and language (main menu) - SettingsPageGroupTimeRegion -
        -
      • Date and time - SettingsPageTimeRegionDateTime
      • -
      • Language - SettingsPageTimeLanguage
      • -
      • Region - SettingsPageRegion
      • -
      • Keyboard - SettingsPageKeyboard
      • -
      • Speech - SettingsPageSpeech
      • -
    • -
    • Ease of access (main menu) - SettingsPageGroupEaseOfAccess -
        -
      • Narrator - SettingsPageEaseOfAccessNarrator
      • -
      • Magnifier - SettingsPageEaseOfAccessMagnifier
      • -
      • High contrast - SettingsPageEaseOfAccessHighContrast
      • -
      • Closed captions - SettingsPageEaseOfAccessClosedCaptioning
      • -
      • More options - SettingsPageEaseOfAccessMoreOptions
      • -
    • -
    • Privacy (main menu) - SettingsPageGroupPrivacy -
        -
      • Location - SettingsPagePrivacyLocation
      • -
      • Camera - SettingsPagePrivacyWebcam
      • -
      • Microphone - SettingsPagePrivacyMicrophone
      • -
      • Motion - SettingsPagePrivacyMotionData
      • -
      • Speech inking and typing - SettingsPagePrivacyPersonalization
      • -
      • Account info - SettingsPagePrivacyAccountInfo
      • -
      • Contacts - SettingsPagePrivacyContacts
      • -
      • Calendar - SettingsPagePrivacyCalendar
      • -
      • Messaging - SettingsPagePrivacyMessaging
      • -
      • Radios - SettingsPagePrivacyRadios
      • -
      • Background apps - SettingsPagePrivacyBackgroundApps
      • -
      • Accessory apps - SettingsPageAccessories
      • -
      • Advertising ID - SettingsPagePrivacyAdvertisingId
      • -
      • Other devices - SettingsPagePrivacyCustomPeripherals
      • -
      • Feedback & diagnostics - SettingsPagePrivacySIUFSettings
      • -
      • Call history - SettingsPagePrivacyCallHistory
      • -
      • Email - SettingsPagePrivacyEmail
      • -
      • Phone call - SettingsPagePrivacyPhoneCall
      • -
      • Notifications - SettingsPagePrivacyNotifications
      • -
      • CDP - SettingsPagePrivacyCDP
      • -
    • -
    • Update and Security (main menu) - SettingsPageGroupRestore -
        -
      • Phone update - SettingsPageRestoreMusUpdate
      • -
      • Backup - SettingsPageRestoreOneBackup
      • -
      • Find my phone - SettingsPageFindMyDevice
      • -
      • For developers - SettingsPageSystemDeveloperOptions
      • -
      • Windows Insider Program - SettingsPageFlights
      • -
      • Device encryption - SettingsPageGroupPCSystemDeviceEncryption
      • -
    • -
    • OEM (main menu) - SettingsPageGroupExtensibility -
        -
      • Extensibility - SettingsPageExtensibility
      • -
    • -
    - -Entry | Description ------------ | ------------ -Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. - -For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page. - -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -**Quick action settings** - -Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). - -> [!NOTE] -> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. - -
      -
    • SystemSettings_System_Display_QuickAction_Brightness

      -

      Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

    • -
    • SystemSettings_System_Display_Internal_Rotation

      -

      Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay

    • -
    • SystemSettings_QuickAction_WiFi

      -

      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkWiFi

    • -
    • SystemSettings_QuickAction_InternetSharing

      -

      Dependencies - SettingsPageGroupNetwork, SettingsPageInternetSharing

    • -
    • SystemSettings_QuickAction_CellularData

      -

      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkCellular

    • -
    • SystemSettings_QuickAction_AirplaneMode

      -

      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkAirplaneMode

    • -
    • SystemSettings_Privacy_LocationEnabledUserPhone

      -

      Dependencies - SettingsGroupPrivacyLocationGlobals, SettingsPagePrivacyLocation

    • -
    • SystemSettings_Network_VPN_QuickAction

      -

      Dependencies - SettingsPageGroupNetwork, SettingsPageNetworkVPN

    • -
    • SystemSettings_Launcher_QuickNote

      -

      Dependencies - none

    • -
    • SystemSettings_Flashlight_Toggle

      -

      Dependencies - none

    • -
    • SystemSettings_Device_BluetoothQuickAction

      -

      Dependencies - SettingsPageGroupDevices, SettingsPagePCSystemBluetooth

    • -
    • SystemSettings_BatterySaver_LandingPage_OverrideControl

      -

      Dependencies - BatterySaver_LandingPage_SettingsConfiguration, SettingsPageBatterySaver

    • -
    • QuickActions_Launcher_DeviceDiscovery

      -

      Dependencies - none

    • -
    • QuickActions_Launcher_AllSettings

      -

      Dependencies - none

    • -
    • SystemSettings_QuickAction_QuietHours

      -

      Dependencies - none

    • -
    • SystemSettings_QuickAction_Camera

      -

      Dependencies - none

    • -
    - -Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list: -- QuickActions_Launcher_AllSettings -- QuickActions_Launcher_DeviceDiscovery -- SystemSettings_BatterySaver_LandingPage_OverrideControl -- SystemSettings_Device_BluetoothQuickAction -- SystemSettings_Flashlight_Toggle -- SystemSettings_Launcher_QuickNote -- SystemSettings_Network_VPN_QuickAction -- SystemSettings_Privacy_LocationEnabledUserPhone -- SystemSettings_QuickAction_AirplaneMode -- SystemSettings_QuickAction_Camera -- SystemSettings_QuickAction_CellularData -- SystemSettings_QuickAction_InternetSharing -- SystemSettings_QuickAction_QuietHours -- SystemSettings_QuickAction_WiFi -- SystemSettings_System_Display_Internal_Rotation -- SystemSettings_System_Display_QuickAction_Brightness - - -In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked. - -```xml - - -``` - -In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names. - -```xml - - - - - - - - - - - - -``` -Here is an example for Windows 10, version 1703. - -```xml - - - - - - - - - -``` - -Entry | Description ------------ | ------------ -Buttons | The following list identifies the hardware buttons on the device that you can lock down in ButtonLockdownList. When a user taps a button that is in the lockdown list, nothing will happen. - -
      -
    • Start

      -
    • Back

    • -
    • Search

    • -
    • Camera

    • -
    • Custom1

    • -
    • Custom2

    • -
    • Custom3

    • -
    - -> [!NOTE] -> Lock down of the Start button only prevents the press and hold event. -> -> Custom buttons are hardware buttons that can be added to devices by OEMs. - -Buttons example: -```xml - - - - - - - - - -``` -The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users. - -> [!NOTE] -> The lockdown settings for a button, per user role, will apply regardless of the button mapping. -> -> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role. - -To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open. - -```xml - - - -``` -**Disabling navigation buttons** -To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press"). - -The following section contains a sample lockdown XML file that shows how to disable navigation buttons. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create. - -> [!IMPORTANT] -> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps. - -MenuItems example: - -```xml - - - -``` - -Entry | Description ------------ | ------------ -Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. 
If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - -> [!IMPORTANT] -> If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. - -The following sample file contains configuration for enabling tile manipulation. - -> [!NOTE] -> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node. - -```xml - - - - - - - - - Large - - 0 - 0 - - - - - - - - Small - - 2 - 2 - - - - - - - - - - - - - - - - - - - - - - - - - Small - - -``` - -Entry | Description ------------ | ------------ -CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role. - - -**LockscreenWallpaper/** -The parent node of the lock screen-related parameters that let administrators query and manage the lock screen image on devices. Supported operations are Add, Delete, Get and Replace. - -**LockscreenWallpaper/BGFileName** -The file name of the lock screen. The image file for the lock screen can be in .jpg or .png format and must not exceed 2 MB. The file name can also be in the Universal Naming Convention (UNC) format, in which case the device downloads it from the shared network and then sets it as the lock screen wallpaper. - -Supported operations are Add, Get, and Replace. - -**Theme/** -The parent node of theme-related parameters. - -Supported operations are Add, Delete, Get and Replace. 
-
-**Theme/ThemeBackground**
-Indicates whether the background color is light or dark. Set to **0** for light; set to **1** for dark.
-
-Supported operations are Get and Replace.
-
-**Theme/ThemeAccentColorID**
-The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values.
-
-|Value|Description|
-|--- |--- |
-|0|Lime|
-|1|Green|
-|2|Emerald|
-|3|Teal (Viridian)|
-|4|Cyan (Blue)|
-|5|Cobalt|
-|6|Indigo|
-|7|Violet (Purple)|
-|8|Pink|
-|9|Magenta|
-|10|Crimson|
-|11|Red|
-|12|Orange (Mango)|
-|13|Amber|
-|14|Yellow|
-|15|Brown|
-|16|Olive|
-|17|Steel|
-|18|Mauve|
-|19|Sienna|
-|101 through 104|Optional colors, as defined by the OEM|
-|151|Custom accent color for Enterprise|
-
-Supported operations are Get and Replace.
-
-**Theme/ThemeAccentColorValue**
-A 6-character string for the accent color to apply to controls and other visual elements.
-
-To use a custom accent color for Enterprise, enter **151** for *ThemeAccentColorID* before *ThemeAccentColorValue* in lockdown XML. *ThemeAccentColorValue* configures the custom accent color using hex values for red, green, and blue, in RRGGBB format. For example, enter FF0000 for red.
-
-Supported operations are Get and Replace.
-
-**PersistData**
-Not supported in Windows 10.
-
-The parent node of whether to persist data that has been provisioned on the device.
-
-**PersistData/PersistProvisionedData**
-Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CSP](remotewipe-csp.md) instead.
-
-**Clock/TimeZone/**
-An integer that specifies the time zone of the device. The following table shows the possible values.
-
-Supported operations are Get and Replace.
-
-|Value|Time zone|
-|--- |--- |
-|0|UTC-12 International Date Line West|
-|100|UTC+13 Samoa|
-|110|UTC-11 Coordinated Universal Time-11|
-|200|UTC-10 Hawaii|
-|300|UTC-09 Alaska|
-|400|UTC-08 Pacific Time (US & Canada)|
-|410|UTC-08 Baja California|
-|500|UTC-07 Mountain Time (US & Canada)|
-|510|UTC-07 Chihuahua, La Paz, Mazatlan|
-|520|UTC-07 Arizona|
-|600|UTC-06 Saskatchewan|
-|610|UTC-06 Central America|
-|620|UTC-06 Central Time (US & Canada)|
-|630|UTC-06 Guadalajara, Mexico City, Monterrey|
-|700|UTC-05 Eastern Time (US & Canada)|
-|710|UTC-05 Bogota, Lima, Quito|
-|720|UTC-05 Indiana (East)|
-|800|UTC-04 Atlantic Time (Canada)|
-|810|UTC-04 Cuiaba|
-|820|UTC-04 Santiago|
-|830|UTC-04 Georgetown, La Paz, Manaus, San Juan|
-|840|UTC-04 Caracas|
-|850|UTC-04 Asuncion|
-|900|UTC-03:30 Newfoundland|
-|910|UTC-03 Brasilia|
-|920|UTC-03 Greenland|
-|930|UTC-03 Montevideo|
-|940|UTC-03 Cayenne, Fortaleza|
-|950|UTC-03 Buenos Aires|
-|960|UTC-03 Salvador|
-|1000|UTC-02 Mid-Atlantic|
-|1010|UTC-02 Coordinated Universal Time-02|
-|1100|UTC-01 Azores|
-|1110|UTC-01 Cabo Verde|
-|1200|UTC Dublin, Edinburgh, Lisbon, London|
-|1210|UTC Monrovia, Reykjavik|
-|1220|UTC Casablanca|
-|1230|UTC Coordinated Universal Time|
-|1300|UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague|
-|1310|UTC+01 Sarajevo, Skopje, Warsaw, Zagreb|
-|1320|UTC+01 Brussels, Copenhagen, Madrid, Paris|
-|1330|UTC+01 West Central Africa|
-|1340|UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna|
-|1350|UTC+01 Windhoek|
-|1360|UTC+01 Tripoli|
-|1400|UTC+02 E. Europe|
-|1410|UTC+02 Cairo|
-|1420|UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius|
-|1430|UTC+02 Athens, Bucharest|
-|1440|UTC+02 Jerusalem|
-|1450|UTC+02 Amman|
-|1460|UTC+02 Beirut|
-|1470|UTC+02 Harare, Pretoria|
-|1480|UTC+02 Damascus|
-|1490|UTC+02 Istanbul|
-|1500|UTC+03 Kuwait, Riyadh|
-|1510|UTC+03 Baghdad|
-|1520|UTC+03 Nairobi|
-|1530|UTC+03 Kaliningrad, Minsk|
-|1540|UTC+04 Moscow, St. Petersburg, Volgograd|
-|1550|UTC+03 Tehran|
-|1600|UTC+04 Abu Dhabi, Muscat|
-|1610|UTC+04 Baku|
-|1620|UTC+04 Yerevan|
-|1630|UTC+04 Kabul|
-|1640|UTC+04 Tbilisi|
-|1650|UTC+04 Port Louis|
-|1700|UTC+06 Ekaterinburg|
-|1710|UTC+05 Tashkent|
-|1720|UTC+05 Chennai, Kolkata, Mumbai, New Delhi|
-|1730|UTC+05 Sri Jayawardenepura|
-|1740|UTC+05 Kathmandu|
-|1750|UTC+05 Islamabad, Karachi|
-|1800|UTC+06 Astana|
-|1810|UTC+07 Novosibirsk|
-|1820|UTC+06 Yangon (Rangoon)|
-|1830|UTC+06 Dhaka|
-|1900|UTC+08 Krasnoyarsk|
-|1910|UTC+07 Bangkok, Hanoi, Jakarta|
-|1900|UTC+08 Krasnoyarsk|
-|2000|UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi|
-|2010|UTC+09 Irkutsk|
-|2020|UTC+08 Kuala Lumpur, Singapore|
-|2030|UTC+08 Taipei|
-|2040|UTC+08 Perth|
-|2050|UTC+08 Ulaanbaatar|
-|2100|UTC+09 Seoul|
-|2110|UTC+09 Osaka, Sapporo, Tokyo|
-|2120|UTC+10 Yakutsk|
-|2130|UTC+09 Darwin|
-|2140|UTC+09 Adelaide|
-|2200|UTC+10 Canberra, Melbourne, Sydney|
-|2210|UTC+10 Brisbane|
-|2220|UTC+10 Hobart|
-|2230|UTC+11 Vladivostok|
-|2240|UTC+10 Guam, Port Moresby|
-|2300|UTC+11 Solomon Is., New Caledonia|
-|2310|UTC+12 Magadan|
-|2400|UTC+12 Fiji|
-|2410|UTC+12 Auckland, Wellington|
-|2420|UTC+12 Petropavlovsk-Kamchatsky|
-|2430|UTC+12 Coordinated Universal Time +12|
-|2500|UTC+13 Nuku'alofa|
-
-**Locale/Language/**
-The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c).
-
-The language setting is configured in the Default User profile only.
-
-> [!NOTE]
-> Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required.
-
-Supported operations are Get and Replace.
- -## OMA client provisioning examples - - -The XML examples in this section show how to perform various tasks by using OMA client provisioning. - -> [!NOTE] -> These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. - - - -### Assigned Access settings - -The following example shows how to add a new policy. - -```xml - - - - "/> - - - -``` - -### Language - -The following example shows how to specify the language to display on the device. - -```xml - - - - - - -``` - -## OMA DM examples - - -These XML examples show how to perform various tasks using OMA DM. - -### Assigned access settings - -The following example shows how to lock down a device. - -```xml - - - - 2 - - - ./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml - -