deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged files from master

Browse Source
This commit is contained in:
ManikaDhiman 2020-05-11 10:32:21 -07:00
commit 0dc091f552
149 changed files with 4356 additions and 4085 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
.openpublishing.redirection.json
View File

@ -14482,6 +14482,46 @@
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-surface-hub.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-admx-backed.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
"redirect_document_id": true
@ -15880,6 +15920,11 @@
"source_path": "windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
"redirect_document_id": true
}
]
}

4
devices/hololens/TOC.md
View File

@ -5,7 +5,7 @@
## [Get your HoloLens 2 ready to use](hololens2-setup.md)
## [Set up your HoloLens 2](hololens2-start.md)
## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md)
## [HoloLens 2 cleaning FAQ](hololens2-maintenance.md)
## [Supported languages for HoloLens 2](hololens2-language-support.md)
## [Getting around HoloLens 2](hololens2-basic-usage.md)
@ -40,7 +40,6 @@
## [Set up HoloLens as a kiosk](hololens-kiosk.md)
# Holographic applications
## [Use 3D Viewer on HoloLens](holographic-3d-viewer-beta.md)
## [Find, install, and uninstall applications](holographic-store-apps.md)
## [Manage custom apps for HoloLens](holographic-custom-apps.md)
@ -67,6 +66,7 @@
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f)
# Resources
## [Use 3D Viewer on HoloLens (1st gen)](holographic-3d-viewer-beta.md)
## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md)
# [HoloLens release notes](hololens-release-notes.md)

70
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -1,6 +1,6 @@
---
title: Using 3D Viewer Beta on HoloLens
description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
title: Using 3D Viewer on HoloLens (1st gen)
description: Describes the types of files and features that 3D Viewer on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
@ -15,16 +15,16 @@ appliesto:
- HoloLens (1st gen)
---
# Using 3D Viewer Beta on HoloLens
# Using 3D Viewer on HoloLens (1st gen)
3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
3D Viewer lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
>[!NOTE]
>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
>This article applies to the immersive Unity **3D Viewer** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
@ -86,14 +86,14 @@ If you're having trouble after reading these topics, see [Troubleshooting](#trou
### File and model limitations
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta:
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer:
- 500 MB maximum file size per model
- Vertices: 600,000 combined on all open models
- Meshes: 1,600 combined on all open models
- Maximum of 40 models open at one time
## Optimizing 3D models for 3D Viewer Beta
## Optimizing 3D models for 3D Viewer
### Special considerations
@ -103,9 +103,9 @@ There are hard limits on the size of files, as well as the number of models, ver
### Performance optimization
Keep performance in mind while authoring content and validate in the 3D Viewer Beta app on HoloLens during the authoring process for best results. 3D Viewer Beta renders content real-time and performance is subject to HoloLens hardware capabilities.
Keep performance in mind while authoring content and validate in the 3D Viewer app on HoloLens during the authoring process for best results. 3D Viewer renders content real-time and performance is subject to HoloLens hardware capabilities.
There are many variables in a 3D model that can impact performance. 3D Viewer Beta will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta (see [File and model limitations](#file-and-model-limitations)).
There are many variables in a 3D model that can impact performance. 3D Viewer will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer (see [File and model limitations](#file-and-model-limitations)).
If the 3D model isn't running well due to model complexity, consider:
@ -113,17 +113,17 @@ If the 3D model isn't running well due to model complexity, consider:
- Reducing number of bones in rigged animation
- Avoiding self-occlusion
Double-sided rendering is supported in 3D Viewer Beta, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
Double-sided rendering is supported in 3D Viewer, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
### Validating your 3D model
Validate your model by opening it in 3D Viewer Beta on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
Validate your model by opening it in 3D Viewer on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
### Rendering 3D models with true-to-life dimensions
By default, 3D Viewer Beta displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
By default, 3D Viewer displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer is 1 meter per FBX unit.
## Viewing FBX files on HoloLens
@ -133,71 +133,71 @@ FBX files can be opened directly from a website using Microsoft Edge on HoloLens
1. In Microsoft Edge, navigate to the webpage containing the FBX file you want to view.
1. Select the file to download it.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer Beta.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer.
The downloaded file can be accessed and opened again later by using Downloads in Microsoft Edge. To save a 3D model and ensure continued access, download the file on your PC and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> [!NOTE]
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer Beta cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
### Open an FBX file from OneDrive
FBX files can be opened from OneDrive by using the OneDrive app on HoloLens. Be sure you've installed OneDrive using Microsoft Store app on HoloLens and that you've already uploaded the FBX file to OneDrive on your PC.
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer Beta in one of two ways:
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer in one of two ways:
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer Beta.
- Launch 3D Viewer Beta, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer.
- Launch 3D Viewer, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
## Troubleshooting
### I see a warning when I open a 3D model
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer Beta, or if the model is too complex and performance may be affected. 3D Viewer Beta will still load the 3D model, but performance or visual fidelity may be compromised.
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer, or if the model is too complex and performance may be affected. 3D Viewer will still load the 3D model, but performance or visual fidelity may be compromised.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I see a warning and the 3D model doesn't load
You will see an error message when 3D Viewer Beta cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
You will see an error message when 3D Viewer cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
For more info, see [Supported content specifications](#supported-content-specifications) and [File and model limitations](#file-and-model-limitations).
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer Beta team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
### My 3D model loads, but does not appear as expected
If your 3D model does not look as expected in 3D Viewer Beta, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer Beta will be highlighted as warnings.
If your 3D model does not look as expected in 3D Viewer, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer will be highlighted as warnings.
The most common issue you might see is missing textures, likely because they are not embedded in the FBX file. In this case, the model will appear white. This issue can be addressed in the creation process by exporting from your creation tool to FBX with the embed textures option selected.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I experience performance drops while viewing my 3D model
Performance when loading and viewing a 3D model can be affected by the complexity of the model, number of models open simultaneously, or number of models with active animations.
For more info, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta) and [File and model limitations](#file-and-model-limitations).
For more info, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer) and [File and model limitations](#file-and-model-limitations).
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer Beta
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer
3D Viewer Beta is automatically associated with the .fbx file extension when it is installed.
3D Viewer is automatically associated with the .fbx file extension when it is installed.
If you try to open an FBX file and see a dialog box that directs you to Microsoft Store, you do not currently have an app associated with the .fbx file extension on HoloLens.
Verify that 3D Viewer Beta is installed. If it is not installed, download it from Microsoft Store on HoloLens.
Verify that 3D Viewer is installed. If it is not installed, download it from Microsoft Store on HoloLens.
If 3D Viewer Beta is already installed, launch 3D Viewer Beta, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer Beta. This will re-associate the .fbx file extension with 3D Viewer Beta.
If 3D Viewer is already installed, launch 3D Viewer, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer. This will re-associate the .fbx file extension with 3D Viewer.
If attempting to open an FBX file opens an app other than 3D Viewer Beta, that app was likely installed after 3D Viewer Beta and has taken over association with the .fbx file extension. If you prefer 3D Viewer Beta to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer Beta.
If attempting to open an FBX file opens an app other than 3D Viewer, that app was likely installed after 3D Viewer and has taken over association with the .fbx file extension. If you prefer 3D Viewer to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer.
### The Open File button in 3D Viewer Beta doesn't launch an app
### The Open File button in 3D Viewer doesn't launch an app
The **Open File** button will open the app associated with the file picker function on HoloLens. If OneDrive is installed, the **Open File** button should launch OneDrive. However, if there is currently no app associated with the file picker function installed on HoloLens, you will be directed to Microsoft Store.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer Beta, uninstall and reinstall OneDrive.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer, uninstall and reinstall OneDrive.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer Beta at one time. If you have 40 models open in 3D Viewer Beta, you will need to close some before you will be able to open additional models.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer at one time. If you have 40 models open in 3D Viewer, you will need to close some before you will be able to open additional models.
## Additional resources

20
devices/hololens/hololens2-hardware.md
View File

@ -135,26 +135,6 @@ In order to maintain/advance Internal Battery Charge Percentage while the device
HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
## Care and cleaning
Handle your HoloLens carefully. Use the headband to lift and carry the HoloLens 2.
As you would for eyeglasses or protective eye-wear, try to keep the HoloLens visor free of dust and fingerprints. When possible, avoid touching the visor. Repeated cleaning could damage the visor, so keep your device clean!
Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it.
To clean the visor, remove any dust by using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion.
Clean the rest of the device, including the headband and device arms, with a lint-free microfiber cloth moistened with mild soap and water. Let your HoloLens dry completely before reuse.
![Image that shows how to clean the visor](images/hololens-cleaning-visor.png)
### Replace the brow pad
The brow pad is magnetically attached to the device. To detach it, pull gently away. To replace it, snap it back into place.
![Remove or replace the brow pad](images/hololens2-remove-browpad.png)
## Next step
> [!div class="nextstepaction"]

4
devices/hololens/hololens2-maintenance.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens 2 device care and cleaning FAQ
title: HoloLens 2 cleaning FAQ
description:
author: Teresa-Motiv
ms.author: v-tea
@ -17,7 +17,7 @@ appliesto:
- HoloLens 2
---
# Frequently asked questions about cleaning HoloLens 2 devices
# HoloLens 2 cleaning FAQ
> [!IMPORTANT]
> Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection.

3
devices/surface/TOC.md
View File

@ -4,6 +4,9 @@
## Overview
### [What's new in Surface Dock 2](surface-dock-whats-new.md)
### [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md)
### [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md)
### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7)
### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x)
### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3)

14
devices/surface/battery-limit.md
View File

@ -6,12 +6,13 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.reviewer:
manager: laurawi
ms.author: v-jokai
ms.reviewer: jesko
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
manager: laurawi
audience: itpro
ms.date: 5/06/2020
---
# Battery Limit setting
@ -32,6 +33,11 @@ The Surface UEFI Battery Limit setting can be configured by booting into Surface
![Screenshot of Advanced options](images/enable-bl.png)
## Enabling battery limit on Surface Go and Surface Go 2
The Surface Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **boot configuration**, and then, under **Kiosk Mode**, move the slider to the right to set Battery Limit to **Enabled**.
![Screenshot of Kiosk Mode Battery Limit in Surface Go](images/go-batterylimit.png)
## Enabling Battery Limit in Surface UEFI (Surface Pro 3)
The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **Kiosk Mode**, select **Battery Limit**, and then choose **Enabled**.

4
devices/surface/enroll-and-configure-surface-devices-with-semm.md
View File

@ -57,8 +57,10 @@ To create a Surface UEFI configuration package, follow these steps:
6. Click **Password Protection** to add a password to Surface UEFI. This password will be required whenever you boot to UEFI. If this password is not entered, only the **PC information**, **About**, **Enterprise management**, and **Exit** pages will be displayed. This step is optional.
7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank.
8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.)
> [!NOTE]
> You must select a device as none are selected by default.
![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility")
![Choose devices for package compatibility](images/surface-semm-enroll-fig3.jpg "Choose devices for package compatibility")
*Figure 3. Choose the devices for package compatibility*

23
devices/surface/get-started.yml
View File

@ -24,18 +24,19 @@ landingContent:
linkLists:
- linkListType: overview
links:
- text: Surface Go 2 for Business
url: https://www.microsoft.com/surface/business/surface-go-2
- text: Surface Book 3 for Business
url: https://www.microsoft.com/surface/business/surface-book-3
- text: Surface Pro 7 for Business
url: https://www.microsoft.com/surface/business/surface-pro-7
- text: Surface Pro X for Business
url: https://www.microsoft.com/surface/business/surface-pro-x
- text: Surface Laptop 3 for Business
url: https://www.microsoft.com/surface/business/surface-laptop-3
- text: Surface Book 2 for Business
url: https://www.microsoft.com/surface/business/surface-book-2
- text: Surface Studio 2 for Business
url: https://www.microsoft.com/surface/business/surface-studio-2
- text: Surface Go
url: https://www.microsoft.com/surface/business/surface-go
- linkListType: video
links:
- text: Microsoft Mechanics Surface videos
@ -46,10 +47,16 @@ landingContent:
linkLists:
- linkListType: get-started
links:
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
- text: Surface Book 3 GPU technical overview
url: surface-book-gpu-overview.md
- text: Surface Book 3 Quadro RTX 3000 technical overview
url: surface-book-quadro.md
- text: Whats new in Surface Dock 2
url: surface-dock-whats-new.md
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
# Card
- title: Deploy Surface devices

BIN
devices/surface/images/enable-bl.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 235 KiB

After

Width:  |  Height:  |  Size: 289 KiB

BIN
devices/surface/images/go-batterylimit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 177 KiB

BIN
devices/surface/images/graphics-settings2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
devices/surface/images/surface-deployment-accelerator.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
devices/surface/images/surface-dock2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
devices/surface/images/surface-semm-enroll-fig3.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

131
devices/surface/microsoft-surface-deployment-accelerator.md
View File

@ -11,134 +11,33 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
ms.date: 5/08/2020
---
# Microsoft Surface Deployment Accelerator
Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
> [!NOTE]
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
Redesigned in April 2020 to simplify and automate deployment of Surface images in a corporate environment, the
SDA tool allows you to build a “factory-like” Windows image that you can customize to your organizational requirements.
SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
The open source, script-driven SDA tool leverages the Windows Assessment and Deployment Kit (ADK) for Windows 10, facilitating the creation of Windows images (WIM) in test or production environments. If the latest ADK is not already installed, it will be downloaded and installed when running the SDA tool.
**Download Microsoft Surface Deployment Accelerator**
The resulting image closely matches the configuration of Bare Metal Recovery (BMR) images, without any pre-installed applications such as Microsoft Office or the Surface UWP application.
You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
**To run SDA:**
1. Go to the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page on the Microsoft Download Center.
1. Go to [SurfaceDeploymentAccelerator](https://github.com/microsoft/SurfaceDeploymentAccelerator) on GitHub.
2. Select **Clone or Download** and review the Readme file.
3. Edit the script with the appropriate variables for your environment, as documented in the Readme, and review before running it in your test environment.
2. Click the **Download** button, select the **Surface\_Deployment\_Accelerator\_xxxx.msi** file, and then click **Next**.
![Running Surface Deployment Accelerator tool](images/surface-deployment-accelerator.png)
## Microsoft Surface Deployment Accelerator prerequisites
Before you install SDA, your environment must meet the following prerequisites:
- SDA must be installed on Windows Server 2012 R2 or later
- PowerShell Script Execution Policy must be set to **Unrestricted**
- DHCP and DNS must be enabled on the network where the Windows Server 2012 R2 environment is connected
- To download Surface drivers and apps automatically the Windows Server 2012 R2 environment must have Internet access and Internet Explorer Enhanced Security Configuration must be disabled
- To support network boot, the Windows Server 2012 R2 environment must have Windows Deployment Services installed and configured to respond to PXE requests
- Access to Windows source files or installation media is required when you prepare a deployment with SDA
- At least 6 GB of free space for each version of Windows you intend to deploy
## How Microsoft Surface Deployment Accelerator works
As you progress through the SDA wizard, you will be asked some basic questions about how your deployment solution should be configured. As you select the desired Surface models to be supported and apps to be installed (see Figure 1), the wizard will prepare scripts that download, install, and configure everything needed to perform a complete deployment and capture of a reference image. By using the network boot (PXE) capabilities of Windows Deployment Services (WDS), the resulting solution enables you to boot a Surface device from the network and perform a clean deployment of Windows.
![Software and driver selection window](images/sda-fig1-select-steps.png "Software and driver selection window")
*Figure 1. Select desired apps and drivers*
When the SDA completes, you can use the deployment share to deploy over the network immediately. Simply boot your Surface device from the network using a Surface Ethernet Adapter and select the Surface deployment share you created with the SDA wizard. Select the **1- Deploy Microsoft Surface** task sequence and the wizard will walk you through an automated deployment of Windows to your Surface device.
You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt#sec04), or to [pause the automated installation routine](https://blogs.technet.microsoft.com/mniehaus/2009/06/26/mdt-2010-new-feature-3-suspend-and-resume-a-lite-touch-task-sequence/). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
>[!NOTE]
>With SDA v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.
 
## <a href="" id="use-microsoft-surface-deployment-accelerator-without-an-internet-connection--"></a>Use Microsoft Surface Deployment Accelerator without an Internet connection
For environments where the SDA server will not be able to connect to the Internet, the required Surface files can be downloaded separately. To specify a local source for Surface driver and app files, select the **Copy from a local directory** option and specify the location of your downloaded files (see Figure 2). All of the driver and app files for your selected choices must be placed in the specified folder.
![Specify a local source for Surface driver and app files](images/sda-fig2-specify-local.png "Specify a local source for Surface driver and app files")
*Figure 2. Specify a local source for Surface driver and app files*
You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
>[!NOTE]
>Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.
>[!NOTE]
>Using files from a local directory is not supported when including Office 365 in your deployment share. To include Office 365 in your deployment share, select the **Download from the Internet** check box.
## Changes and updates
SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator).
>[!NOTE]
>To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share.
### Version 2.8.136.0
This version of SDA supports deployment of the following:
* Surface Book 2
* Surface Laptop
* Surface Pro LTE
### Version 2.0.8.0
This version of SDA supports deployment of the following:
* Surface Pro
>[!NOTE]
>SDA version 2.0.8.0 includes support only for Surface Pro, and does not support other Surface devices such as Surface Pro 4 or Surface Book. To deploy these devices, please continue to use SDA version 1.96.0405.
 
### Version 1.96.0405
This version of SDA adds support for the following:
* Microsoft Deployment Toolkit (MDT) 2013 Update 2
* Office 365 Click-to-Run
* Surface 3 and Surface 3 LTE
* Reduced Windows Assessment and Deployment Kit (Windows ADK) footprint, only the following Windows ADK components are installed:
* Deployment tools
* Windows Preinstallation Environment (WinPE)
* User State Migration Tool (USMT)
### Version 1.90.0258
This version of SDA adds support for the following:
* Surface Book
* Surface Pro 4
* Windows 10
### Version 1.90.0000
This version of SDA adds support for the following:
* Local driver and app files can be used to create a deployment share without access to the Internet
### Version 1.70.0000
This version is the original release of SDA. This version of SDA includes support for:
* MDT 2013 Update 1
* Windows ADK
* Surface Pro 3
* Windows 8.1
## Related topics
[Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
[Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
## Related links
- [Open source image deployment tool released on GitHub](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/open-source-image-deployment-tool-released-on-github/ba-p/1314115)
- [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install)

166
devices/surface/surface-book-gpu-overview.md Normal file
View File

@ -0,0 +1,166 @@
---
title: Surface Book 3 GPU technical overview
description: This article provides a technical evaluation of GPU capabilities across Surface Book 3 models.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Surface Book 3 GPU technical overview
## Introduction
Surface Book 3, the most powerful Surface laptop yet released, integrates fully modernized compute and graphics capabilities into its famous detachable form factor. Led by the quad-core 10th Gen Intel® Core™ i7 and NVIDIA® Quadro RTX™ 3000 graphical processing unit (GPU) on the 15-inch model, Surface Book 3 comes in a wide range of configurations for consumers, creative professionals, architects, engineers, and data scientists. This article explains the major differences between the GPU configurations across 13-inch and 15-inch models of Surface Book 3.
A significant differentiator across Surface Book 3 models is the GPU configuration. In addition to the integrated Intel GPU built into all models, all but the entry-level, 13.5-inch core i5 device also feature a discrete NVIDIA GPU with Max-Q Design, which incorporates features that optimize energy efficiency for mobile form factors.
Built into the keyboard base, the additional NVIDIA GPU provides advanced graphics rendering capabilities and comes in two primary configurations: GeForce® GTX® 1650/1660 Ti for consumers or creative professionals and Quadro RTX 3000 for creative professionals, engineers, and other business professionals who need advanced graphics or deep learning capabilities. This article also describes how to optimize app utilization of GPUs by specifying which apps should use the integrated iGPU versus the discrete NVIDIA GPU.
## Surface Book 3 GPUs
This section describes the integrated and discrete GPUs across Surface Book 3 models. For configuration details of all models, refer to [Appendix A: Surface Book 3 SKUs](#).
### Intel Iris™ Plus Graphics
The integrated GPU (iGPU) included on all Surface Book 3 models incorporates a wider graphics engine and a redesigned memory controller with support for LPDDR4X. Installed as the secondary GPU on most Surface Book 3 models, Intel Iris Plus Graphics functions as the singular GPU in the core i5, 13.5-inch model. Although nominally the entry level device in the Surface Book 3 line, it delivers advanced graphics capabilities enabling consumers, hobbyists, and online creators to run the latest productivity software like Adobe Creative Cloud or enjoy gaming titles in 1080p.
### NVIDIA GeForce GTX 1650
NVIDIA GeForce GTX 1650 with Max-Q design delivers a major upgrade of the core streaming multiprocessor to more efficiently handle the complex graphics of modern games. Its
concurrent execution of floating point and integer operations boosts performance in compute-heavy workloads of modern games. A new unified memory architecture with twice the cache of its predecessor allows for better performance on complex modern games. New shading advancements improve performance, enhance image quality, and deliver new levels of geometric complexity.
### NVIDIA GeForce GTX 1660 Ti
Compared with the GeForce GTX 1650, the faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements and includes the new and upgraded NVIDIA Encoder, making it better for consumers, gamers, live streamers, and creative professionals.
Thanks to 6 GB of GDDR6 graphics memory, Surface Book 3 models equipped with NVIDIA GeForce GTX 1660 TI provide superior speeds on advanced business productivity software and popular games especially when running the most modern titles or livestreaming. With an optional 2 TB SSD (available in U.S. only), the 15-inch model with GeForce GTX 1660 Ti delivers the most storage of any Surface Book 3 device.
### NVIDIA Quadro RTX 3000
NVIDIA Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance. A combination of 30 RT cores, 240 tensor cores, and 6 GB of GDDR6 graphics memory enables multiple advanced workloads including Al-powered workflows, 3D content creation, advanced video editing, professional broadcasting, and multi-app workflows. Enterprise level hardware and software support integrate deployment tools to maximize uptime and minimize IT support requirements. Certified for the worlds most advanced software, Quadro drivers are optimized for professional applications, and are tuned, tested, and validated to provide app certification, enterprise level stability, reliability, availability, and support with extended product availability.
## Comparing GPUs across Surface Book 3
NVIDIA GPUs provide users with great performance for gaming, live streaming, and content creation. GeForce GTX products are great for gamers and content creators. Quadro RTX products are targeted at professional users, provide great performance in gaming and content creation, and also add the following features:
- RTX acceleration for ray tracing and AI. This makes it possible to render film-quality, photorealistic objects and environments with physically accurate shadows, reflections and refractions. And its hardware accelerated AI capabilities means the advanced AI-based features in popular applications can run faster than ever before.
- Enterprise-level hardware, drivers and support, as well as ISV app certifications.
- IT management features including an additional layer of dedicated enterprise tools for remote management that help maximize uptime and minimize IT support requirements.
Unless you count yourself among the ranks of advanced engineering, design, architecture, or data science professionals, Surface Book 3 equipped with NVIDIA GeForce graphics capabilities will likely meet your needs. Conversely, if youre already in -- or aspiring to join -- a profession that requires highly advanced graphics capabilities in a portable form factor that lets you work from anywhere, Surface Book 3 with Quadro RTX 3000 deserves serious consideration. To learn more, refer to the Surface Book 3 Quadro RTX 3000 technical overview.
**Table 1. Discrete GPUs on Surface Book 3**
| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** |
| -------------------- | -------------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
| **Target users** | Gamers, hobbyists and online creators | Gamers, creative professionals and online creators | Creative professionals, architects, engineers, developers, data scientists |
| **Workflows** | Graphic design<br>Photography<br>Video | Graphic design<br>Photography<br>Video | Al-powered Workflows <br>App certifications<br>High-res video<br>Pro broadcasting<br>Multi-app workflows |
| **Key apps** | Adobe Creative Suite | Adobe Creative Suite | Adobe Creative Suite<br>Autodesk AutoCAD<br>Dassault Systemes SolidWorks |
| **GPU acceleration** | Video and image processing | Video and image processing | Ray tracing + AI + 6K video<br>Pro broadcasting features<br>Enterprise support |
**Table 2. GPU tech specs on Surface Book 3**
| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** |
| -------------------------------------------------------- | -------------------- | ----------------------- | ------------------- |
| **NVIDIA CUDA processing cores** | 1024 | 1536 | 1920 |
| **NVIDIA Tensor Cores** | No | No | 240 |
| **NVIDIA RT Cores** | No | No | 30 |
| **GPU memory** | 4 GB | 6 GB | 6 GB |
| **Memory Bandwidth (GB/sec)** | Up to 112 | Up to 288 | Up to 288 |
| **Memory type** | GDDR5 | GDDR6 | GDDR6 |
| **Memory interface** | 128-bit | 192-bit | 192-bit |
| **Boost clock MHz** | 1245 | 1425 | 1305 |
| **Base clock (MHz)** | 1020 | 1245 | 765 |
| **Real-time ray tracing** | No | No | Yes |
| **AI hardware acceleration** | No | No | Yes |
| **Hardware Encoder** | Yes | Yes | Yes |
| **Game Ready Driver (GRD)** | Yes <sup>1</sup> | Yes <sup>1</sup> |Yes <sup>2</sup>
| **Studio Driver (SD)** | Yes <sup>1</sup> | Yes<sup>1</sup> | Yes <sup>1</sup> |
| **Optimal Driver for Enterprise (ODE)** | No | No | Yes |
| **Quadro New Feature Driver (QNF)** | No | No | Yes |
| **Microsoft DirectX 12 API, Vulkan API, Open GL 4.6** | Yes | Yes | Yes |
| **High-bandwidth Digital Content Protection (HDCP) 2.2** | Yes | Yes | Yes |
| **NVIDIA GPU Boost** | Yes | Yes | Yes |
1. *Recommended*
2. *Supported*
## Optimizing power and performance on Surface Book 3
Windows 10 includes a Battery Saver mode with a performance slider that lets you maximize app performance (by sliding it to the right) or preserve battery life (by sliding it to the left). Surface Book 3 implements this functionality algorithmically to optimize power and performance across the following components:
- CPU Energy Efficiency Registers (Intel Speed Shift technology) and other SoC tuning parameters to maximize efficiency.
- Fan Maximum RPM with four modes: quiet, nominal, performance, and max.
- Processor Power Caps (PL1/PL2).
- Processor IA Turbo limitations.
By default, when the battery drops below 20 percent, the Battery Saver adjusts settings to extend battery life. When connected to power, Surface Book 3 defaults to “Best Performance” settings to ensure apps run in high performance mode on the secondary NVIDIA GPU present on all i7 Surface Book 3 systems.
Using default settings is recommended for optimal performance when used as a laptop or detached in tablet or studio mode. You can access Battery Saver by selecting the battery icon on the far right of the taskbar.
### Game mode
Surface Book 3 includes a new game mode that automatically selects maximum performance settings when launched.
### Safe Detach
New in Surface Book 3, apps enabled for Safe Detach let you disconnect while the app is using the GPU. For supported apps like *World of Warcraft*, your work is moved to the iGPU.
### Modifying app settings to always use a specific GPU
You can switch between the power-saving but still capable built-in Intel graphics and the more powerful discrete NVIDIA GPU and associate a GPU with a specific app. By default, Windows 10 automatically chooses the appropriate GPU, assigning graphically demanding apps to the discrete NVIDIA GPU. In most instances there is no need to manually adjust these settings. However, if you frequently detach and reattach the display from the keyboard base while using a graphically demanding app, youll typically need to close the app prior to detaching. To enable continuous use of the app without having to close it every time you detach or reattach the display, you can assign it to the integrated GPU, albeit with some loss of graphics performance.
In some instances, Windows 10 may assign a graphically demanding app to be iGPU; for example, if the app is not fully optimized for hybrid graphics. To remedy this, you can manually assign the app to the discrete NVIDIA GPU.
**To configure apps using custom per-GPU options:**
1. Go to **Settings** > **System** > **Display** and select **Graphics Settings**.
1. For a Windows desktop program, choose **Classic App** > **Browse** and then locate the program.
2. For a UWP app, choose **Universal App** and then select the app from the drop-down list.
2. Select **Add** to create a new entry on the list for your selected program, select Options to open Graphics Specifications, and then select your desired option.
![Select power saving or high performance GPU options](./images/graphics-settings2.png)
3. To verify which GPU are used for each app, open **Task Manager,** select **Performance,** and view the **GPU Engine** column.
## Appendix A: Surface Book 3 SKUs
| **Display** | **Processor** | **GPU** | **RAM** | **Storage** |
| ------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------- | ----------- |
| **13.5-inch** | Quad-core 10th Gen Core i5-1035G7 | Intel Iris™ Plus Graphics | 16 LPDDR4x | 256 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 16 LPDDR4x | 256 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 512 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 1 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 16 LPDDR4x | 256 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 2 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
> [!NOTE]
> 2TB SSD available in U.S. only: Surface Book 3 15” with NVIDIA GTX 1660Ti
## Summary
Built for performance, Surface Book 3 includes different GPU configurations optimized to meet specific workload and use requirements. An integrated Intel Iris graphics GPU functions as the sole GPU on the entry-level core i5 device and as a secondary GPU on all other models. GeForce GTX 1650 features a major upgrade of the core streaming multiprocessor to run complex graphics more efficiently. The faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements making it better for consumers, gamers, live streamers, and creative professionals. Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance.
## Learn more
- [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md)
- [Surface for Business](https://www.microsoft.com/surface/business)

136
devices/surface/surface-book-quadro.md Normal file
View File

@ -0,0 +1,136 @@
---
title: Surface Book 3 GPU technical overview
description: This article describes the advanced capabilities enabled by Nvidia Quadro RTX 3000 in select Surface Book 3 for Business 15-inch models.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Surface Book 3 Quadro RTX 3000 technical overview
Surface Book 3 for Business powered by the NVIDIA® Quadro RTX™ 3000 GPU is built for professionals who need real-time rendering, AI acceleration, and advanced graphics and compute performance in a portable form factor. Quadro RTX 3000 fundamentally changes what you can do with the new Surface Book 3:
- **Ray Tracing** - Produce stunning renders, designs and animations faster than ever before with 30 RT Cores for hardware-accelerated ray tracing.
- **Artificial Intelligence** - Remove redundant, tedious tasks and compute intensive work with 240 Tensor Cores for GPU-accelerated AI.
- **Advanced Graphics and Compute Technology** - Experience remarkable speed and interactivity during your most taxing graphics and compute workloads with 1,920 CUDA Cores and 6GB of GDDR6 memory.
## Enterprise grade solution
Of paramount importance to commercial customers, Quadro RTX 3000 brings a fully professional grade solution that combines accelerated ray tracing and deep learning capabilities with an integrated enterprise level management and support solution. Quadro drivers are tested and certified for more than 100 professional applications by leading ISVs providing an additional layer of quality assurance to validate stability, reliability, and performance.
Quadro includes dedicated enterprise tools for remote management of Surface Book 3 devices with Quadro RTX 3000. IT admins can remotely configure graphics systems, save/restore configurations, continuously monitor graphics systems and perform remote troubleshooting if necessary. These capabilities along with deployment tools help maximize uptime and minimize IT support requirements.
NVIDIA develops and maintains Quadro Optimal Drivers for Enterprise (ODE) that are tuned, tested, and validated to provide enterprise level stability, reliability, availability, and support with extended product availability. Each driver release involves more than 2,000 man days of testing with professional applications test suites and test cases, as well as WHQL certification. Security threats are continually monitored, and regular security updates are released to protect against newly discovered vulnerabilities. In addition, Quadro drivers undergo an additional layer of testing by Surface engineering prior to release via Windows Update.
## Built for compute-intensive workloads
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, enabling advanced professionals to work from anywhere.
- **Creative professionals such as designers and animators.** Quadro RTX enables real-time cinematic-quality rendering through Turing-optimized ray tracing APIs such as NVIDIA OptiX, Microsoft DXR, and Vulkan.
- **Architects and engineers using large, complex computer aided design (CAD) models and assemblies.** The RTX platform features the new NGX SDK to infuse powerful AI-enhanced capabilities into visual applications. This frees up time and resources through intelligent manipulation of images, automation of repetitive tasks, and optimization of compute-intensive processes.
- **Software developers across manufacturing, media & entertainment, medical, and other industries.** Quadro RTX speeds application development with ray tracing, deep learning, and rasterization capabilities through industry-leading software SDKs and APIs.
- **Data scientists using Tensor Cores and CUDA cores to accelerate computationally intensive tasks and other deep learning operations.** By using sensors, increased connectivity, and deep learning, researchers and developers can enable AI applications for everything from autonomous vehicles to scientific research.
**Table 1. Quadro RTX 3000 performance features**
| **Component** | **Description** |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| RT cores | Dedicated hardware-based ray-tracing technology allows the GPU to render film quality, photorealistic objects and environments with physically accurate shadows, reflections, and refractions. The real-time ray-tracing engine works with NVIDIA OptiX, Microsoft DXR, and Vulkan APIs to deliver a level of realism far beyond what is possible using traditional rendering techniques. RT cores accelerate the Bounding Volume Hierarchy (BVH) traversal and ray casting functions using low number of rays casted through a pixel. |
| Enhanced tensor cores | Mixed-precision cores purpose-built for deep learning matrix arithmetic, deliver 8x TFLOPS for training compared with previous generation. Quadro RTX 3000 utilizes 240 Tensor Cores; each Tensor Core performs 64 floating point fused multiply-add (FMA) operations per clock, and each streaming multiprocessor (SM) performs a total of 1,024 individual floating-point operations per clock. In addition to supporting FP16/FP32 matrix operations, new Tensor Cores added INT8 (2,048 integer operations per clock) and experimental INT4 and INT1 (binary) precision modes for matrix operations. |
| Turing optimized software | Deep learning frameworks such as the Microsoft Cognitive Toolkit (CNTK), Caffe2, MXNet, TensorFlow, and others deliver significantly faster training times and higher multi-node training performance. GPU accelerated libraries such as cuDNN, cuBLAS, and TensorRT deliver higher performance for both deep learning inference and High-Performance Computing (HPC) applications. |
| NVIDIA CUDA parallel computing platform | Natively execute standard programming languages like C/C++ and Fortran, and APIs such as OpenCL, OpenACC and Direct Compute to accelerate techniques such as ray tracing, video and image processing, and computation fluid dynamics. |
| Advanced streaming multiprocessor (SM) architecture | Combined shared memory and L1 cache improve performance significantly, while simplifying programming and reducing the tuning required to attain best application performance. |
| High performance GDDR6 Memory | Quadro RTX 3000 features 6GB of frame buffer making it the ideal platform for handling large datasets and latency-sensitive applications. |
| Single instruction, multiple thread (SIMT) | New independent thread scheduling capability enables finer-grain synchronization and cooperation between parallel threads by sharing resources among small jobs. |
| Mixed-precision computing | 16-bit floating-point precision computing enables the training and deployment of larger neural networks. With independent parallel integer and floating-point data paths, the Turing SM handles workloads more efficiently using a mix of computation and addressing calculations. |
| Dynamic load balancing | Provides dynamic allocation capabilities of GPU resources for graphics and compute tasks as needed to maximize resource utilization. |
| Compute preemption | Preemption at the instruction-level provides finer grain control over compute tasks to prevent long-running applications from either monopolizing system resources or timing out. |
| H.264, H.265 and HEVC encode/decode engines | Enables faster than real-time performance for transcoding, video editing, and other encoding applications with two dedicated H.264 and HEVC encode engines and a dedicated decode engine that are independent of 3D/compute pipeline. |
| NVIDIA GPU boost 4.0 | Maximizes application performance automatically without exceeding the power and thermal envelope of the GPU. Allows applications to stay within the boost clock state longer under higher temperature threshold before dropping to a secondary temperature setting base clock. |
**Table 2. Quadro RTX tech specs**
| **Component** | **Description** |
| ---------------------------------------------------------- | --------------- |
| NVIDIA CUDA processing cores | 1,920 |
| NVIDIA RT Cores | 30 |
| Tensor Cores | 240 |
| GPU memory | 6 GB |
| Memory bandwidth | 288 Gbps |
| Memory type | GDDR6 |
| Memory interface | 192-bit |
| TGP max power consumption | 65W |
| Display port | 1.4 |
| OpenGL | 4.6 |
| Shader model | 5.1 |
| DirectX | 12.1 |
| PCIe generation | 3 |
| Single precision floating point performance (TFLOPS, Peak) | 5.4 |
| Tensor performance (TOPS, Peak) | 42.9 |
| NVIDIA FXAA/TX AA antialiasing | Yes |
| GPU direct for video | Yes |
| Vulkan support | Yes |
| NVIDIA 3D vision Pro | Yes |
| NVIDIA Optimus | Yes |
## App acceleration
The following table shows how Quadro RTX 3000 provides significantly faster acceleration across leading professional applications. It includes SPECview perf 13 benchmark test results comparing Surface Book 3 15-inch with NVIDIA Quadro RTX 3000 versus Surface Book 2 15-inch with NVIDIA GeForce GTX 1060 devices in market March 2020.
**Table 3. App acceleration on Surface Book 3 with Quadro RTX 3000**
| **App** | **Quadro RTX 3000 app acceleration capabilities**<br> |
| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Adobe Dimension | - RTX-accelerated ray tracing delivers photorealistic 3D rendering to 2D artists and designers. |
| Adobe Substance Alchemist | - Create and blend materials with ease, featuring RTX-accelerated AI. |
| Adobe Substance Painter | - Paint materials onto 3d models, featuring RTX accelerated bakers, and Iray RTX rendering which generates photorealistic imagery for interactive and batch rendering workflows. <br> |
| Adobe Substance Designer | - Author procedural materials featuring RTX accelerated bakers<br>- Uses NVIDIA Iray rendering including textures/substances and bitmap texture export to render in any Iray powered compatible with MDL.<br>- DXR-accelerated light and ambient occlusion baking. |
| Adobe Photoshop | - CUDA core acceleration enables faster editing with 30+ GPU-accelerated features such as blur gallery, liquify, smart sharpen, & perspective warp enable photographers and designers to modify images smoothly and quickly. |
| Adobe Lightroom | - Faster editing high res images with GPU-accelerated viewport, which enables the modeling of larger 3D scenes, and the rigging of more complex animations.<br>- GPU-accelerated image processing enables dramatically more responsive adjustments, especially on 4K or higher resolution displays.<br>- GPU-accelerated AI-powered “Enhance Details” for refining fine color detail of RAW images. |
| Adobe Illustrator | - Pan and zoom with GPU-accelerated canvas faster, which enables graphic designers and illustrators to pan across and zoom in and out of complex vector graphics smoothly and interactively. |
| Adobe<br>Premiere Pro | - Significantly faster editing and rendering video with GPU-accelerated effects vs CPU:<br>- GPU-accelerated effects with NVIDIA CUDA technology for real-time video editing and faster final frame rendering.<br>- GPU-accelerated AI Auto Reframe feature for intelligently converting landscape video to dynamically tracked portrait or square video. |
| Autodesk<br>Revit | - GPU-accelerated viewport for a smoother, more interactive design experience.<br>- Supports 3rd party GPU-accelerated 3D renderers such as V-Ray and Enscape. |
| Autodesk<br>3ds Max | - GPU-accelerated viewport graphics for fast, interactive 3D modelling and design.<br>- RTX-accelerated ray tracing and AI denoising ****with the default Arnold renderer.<br>- More than 70 percent faster compared with Surface Book 2 15”. |
| Autodesk<br>Maya | - RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.<br>- OpenGL Viewport Acceleration. |
| Dassault Systemes<br>Solidworks | - Solidworks Interactive Ray Tracer (Visualize) accelerated by both RT Cores and Tensor Cores; AI-accelerated denoiser.<br>- Runs more than 50% faster compared with Surface Book 2 15” |
| Dassault Systemes<br>3D Experience Platform | - CATIA Interactive Ray Tracer (Live Rendering) accelerated by RT Cores.<br>- Catia runs more than 100% faster compared with Surface Book 2 15. |
| ImageVis3D | - Runs more than 2x faster compared with Surface Book 2 15”.. |
| McNeel & Associates<br>Rhino 3D | - GPU-accelerated viewport for a smooth and interactive modelling and design experience.<br>- Supports Cycles for GPU-accelerated 3D rendering. |
| Siemens NX | - Siemens NX Interactive Ray Tracer (Ray Traced Studio) accelerated by RT Cores.<br>- Runs more than 10 x faster compared with Surface Book 2 15”.. |
| Esri ArcGIS | - Real-time results from what took days & weeks, due to DL inferencing leveraging tensor cores. |
| PTC Creo | - Creo's real-time engineering simulation tool (Creo Simulation Live) built on CUDA.<br>- Runs more than 15% faster compared with Surface Book 2 15”. |
| Luxion KeyShot | - 3rd party Interactive Ray Tracer used by Solidworks, Creo, and Rhino. Accelerated by RT Cores, OptiX™ AI-accelerated denoising. |
| ANSYS<br>Discovery Live | - ANSYS real-time engineering simulation tool (ANSYS Discovery Live) built on CUDA |
## SKUs
**Table 4. Surface Book 3 with Quadro RTX 3000 SKUs**
| **Display** | **Processor** | **GPU** | **RAM** | **Storage** |
| ----------- | --------------------------------- | ------------------------------------------------------------------------------------------------ | ---------- | ----------- |
| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
## Summary
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance on any Surface laptop, providing architects, engineers, developers, and data scientists with the tools they need to work efficiently from anywhere:
- RTX-acceleration across multiple workflows like design, animation, video production, and more.
- Desktop-grade performance in a mobile form factor.
- Enterprise-class features, reliability, and support for mission-critical projects.
## Learn more
- [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Microsoft Cognitive Toolkit (CNTK)](https://docs.microsoft.com/cognitive-toolkit/)

124
devices/surface/surface-dock-whats-new.md Normal file
View File

@ -0,0 +1,124 @@
---
title: Whats new in Surface Dock 2
description: This article highlights new features and functionality for the next generation Surface Dock.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Whats new in Surface Dock 2
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. An extended set of management tools will be released via Windows update upon commercial distribution.
## General system requirements
- Windows 10 version 1809. There is no support for Windows 7, Windows 8, or non-Surface host devices. Surface Dock 2 works with the following Surface devices:
- Surface Pro (5th Gen)
- Surface Pro (5th Gen) with LTE Advanced
- Surface Laptop (1st Gen)
- Surface Pro 6
- Surface Book 2
- Surface Laptop 2
- Surface Go
- Surface Go with LTE Advanced
- Surface Studio 2
- Surface Pro 7
- Surface Laptop 3
- Surface Book 3
- Surface Go 2
- Surface Go 2 with LTE Advanced
## Surface Dock 2 Components
![Surface Dock 2 Components](./images/surface-dock2.png)
### USB
- Two front facing USB-C ports.
- Two rear facing USB-C (gen 2) ports.
- Two rear facing USB-A ports.
### Video
- Dual 4K@60hz. Supports up to two displays on the following devices:
- Surface Book 3
- Surface Go 2
- Surface Go 2 with LTE Advanced
- Surface Pro 7
- Surface Pro X
- Surface Laptop 3
- Dual 4K@ 4K@30Hz. Supports up to two displays on the following devices:
- Surface Pro 6
- Surface Pro (5th Gen)
- Surface Pro (5th Gen) with LTE Advanced
- Surface Laptop 2
- Surface Laptop (1st Gen)
- Surface Go
- Surface Book 2.
### Ethernet
- 1 gigabit Ethernet port.
### External Power supply
- 199 watts supporting 100V-240V.
## Comparing Surface Dock 2
### Table 1. Surface Dock 2 tech specs comparison
|Component|Surface Dock|Surface Dock 2|
|---|---|---|
|Surflink|Yes|Yes|
|USB-A|2 front facing USB 3.1 Gen 1<br>2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)|
|Mini Display port|2 rear facing (DP1.2)|None|
|USB-C|None|2 front facing USB 3.2 Gen 2<br>[15W power]<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>[7.5W power]|
|3.5 mm Audio in/out|Yes|Yes|
|Ethernet|Yes, 1 gigabit|Yes 1 gigabit|
|DC power in|Yes|Yes|
|Kensington lock|Yes|Yes|
|Surflink cable length|65cm|80cm|
|Surflink host power|60W|120W|
|USB load power|30W|60W|
|USB bit rate|5 Gbps|10 Gbps|
|Monitor support|2 x 4k @30fps, or<br>1 x 4k @ 60fps|2 x 4K @ 60fps|
|Wake-on-LAN from Connected Standby<sup>1</sup>|Yes|Yes|
|Wake-on-LAN from S4/S5 sleep modes|No|Yes|
|Network PXE boot|Yes|Yes|
|SEMM host access control|No|Coming in Windows Update<sup>2</sup>|
|SEMM port access control<sup>3</sup>|No|Coming in Windows Update|
|Servicing support|MSI|Windows Update or MSI|
||||
1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.*
2. *Pending release via Windows Update.*
3. *Software license required for some features. Sold separately.*
## Streamlined device management
Following the public announcement of Surface Dock 2, Surface will release streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools.
- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools.
- **Centralized IT control**. Control who can connect to Surface Dock 2 by turning ports on and off. Restrict which host devices can be used with Surface Dock 2. Limit dock access to a single user or configure docks so they can only be accessed by specific users in your team or across the entire company.
## Next steps
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)

51
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -382,56 +382,11 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go.
The best way to view the most current Setting names and IDs for devices is to use the ConfigureSEMM.ps1 script or the ConfigureSEMM - <device name>.ps1 from the SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703).
*Table 1. Surface UEFI settings for Surface Pro 4*
Setting names and IDs for all devices can be seen in the ConfigureSEMM.ps1 script.
| Setting ID | Setting Name | Description | Default Setting |
| --- | --- | --- | --- |
|501| Password | UEFI System Password | |
|200| Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty |
|300| Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled |
|301| Docking USB Port | Docking USB Port enabled or disabled | Enabled |
|302| Front Camera | Front Camera enabled or disabled | Enabled |
|303| Bluetooth | Bluetooth radio enabled or disabled | Enabled |
|304| Rear Camera | Rear Camera enabled or disabled | Enabled |
|305| IR Camera | InfraRed Camera enabled or disabled | Enabled |
|308| Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled |
|310| Type Cover | Surface Type Cover connector | Enabled |
|320| On-board Audio | On-board audio enabled or disabled | Enabled |
|330| Micro SD Card | Micro SD Card enabled or disabled | Enabled |
|370| USB Port 1 | Side USB Port (1) | UsbPortEnabled |
|400| IPv6 for PXE Boot | Enable IPv6 PXE boot before IPv4 PXE boot |Disabled |
|401| Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled |
|402| Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled |
|403| USB Boot | Enable booting from USB devices | Enabled |
|500| TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled |
|600| Security | UEFI Security Page Display enabled or disabled | Enabled |
|601| Devices | UEFI Devices Page Display enabled or disabled | Enabled |
|602| Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled |
*Table 2. Surface UEFI settings for Surface Book*
| Setting ID | Setting Name | Description | Default Setting |
| --- | --- | --- | --- |
| 501 | Password | UEFI System Password | |
| 200 | Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty |
| 300 | Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled |
| 301 | Docking USB Port | Docking USB Port enabled or disabled | Enabled |
| 302 | Front Camera | Front Camera enabled or disabled | Enabled |
| 303 | Bluetooth | Bluetooth radio enabled or disabled | Enabled |
| 304 | Rear Camera | Rear Camera enabled or disabled | Enabled |
| 305 | IR Camera | InfraRed Camera enabled or disabled | Enabled |
| 308 | Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled |
| 320 | On-board Audio | On-board audio enabled or disabled | Enabled |
| 400 | IPv6 for PXE Boot Enable | IPv6 PXE boot before IPv4 PXE boot | Disabled |
| 401 | Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled |
| 402 | Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled |
| 403 | USB Boot | Enable booting from USB devices | Enabled |
| 500 | TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled |
| 600 | Security | UEFI Security Page Display enabled or disabled | Enabled |
| 601 | Devices | UEFI Devices Page Display enabled or disabled | Enabled |
| 602 | Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled |
Setting names and IDs for specific devices can be seen in the ConfigureSEMM - <device name>.ps1 scripts. For example, setting names and IDs for Surface Pro X can be found in the ConfigureSEMM ProX.ps1 script.
## Deploy SEMM Configuration Manager scripts

9
devices/surface/windows-autopilot-and-surface-devices.md
View File

@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
@ -37,7 +37,7 @@ These Windows versions support a 4,000-byte (4k) hash value that uniquely identi
## Exchange experience on Surface devices in need of repair or replacement
Microsoft automatically checks every Surface for Autopilot enrollment and will deregister the device from the customers tenant. Microsoft ensures the replacement device is enrolled into Windows Autopilot once a replacement is shipped back to the customer. This service is available on all device exchange service orders directly with Microsoft.
Microsoft automatically checks every Surface for Autopilot enrollment and will deregister the device from the customer's tenant. Microsoft ensures the replacement device is enrolled into Windows Autopilot once a replacement is shipped back to the customer. This service is available on all device exchange service orders directly with Microsoft.
> [!NOTE]
> When customers use a Partner to return devices, the Partner is responsible for managing the exchange process including deregistering and enrolling devices into Windows Autopilot.
@ -52,10 +52,11 @@ Surface partners that are enabled for Windows Autopilot include:
|--------------|---------------|-------------------|
| * [CDW](https://www.cdw.com/) | * [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) | * [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) |
| * [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) | * [ATEA](https://www.atea.com/) | * [Techdata](https://www.techdata.com/) |
| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | |
| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | * [Ingram](https://go.microsoft.com/fwlink/p/?LinkID=2128954) |
| * [SHI](https://www.shi.com/Surface) | * [Cancom](https://www.cancom.de/) | |
| * [LDI Connect](https://www.myldi.com/managed-it/) | * [Computacenter](https://www.computacenter.com/uk) | |
| * [F1](https://www.functiononeit.com/#empower) | |
| * [F1](https://www.functiononeit.com/#empower) | | |
| * [Protected Trust](https://go.microsoft.com/fwlink/p/?LinkID=2129005) | | |
## Learn more

2
education/windows/autopilot-reset.md
View File

@ -64,7 +64,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
**To trigger Autopilot Reset**
1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**.
1. From the Windows device lock screen, enter the keystroke: **CTRL + Windows key + R**.
![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png)

34
education/windows/configure-windows-for-education.md
View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 08/31/2017
ms.date:
ms.reviewer:
manager: dansimp
---
@ -32,7 +32,7 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur
| **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This is already set | This is already set | The policy must be set |
| **Cortana** | **AllowCortana** | Disables Cortana </br></br> * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. |
| **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This is already set | This is already set | The policy must be set |
| **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
| **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge. See [Ad-free search with Bing](#ad-free-search-with-bing | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready </br></br> * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set |
@ -150,34 +150,10 @@ For example:
![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png)
## Ad-free search with Bing
Provide an ad-free experience that is a safer, more private search option for K12 education institutions in the United States. Additional information is available at https://www.bing.com/classroom/about-us.
> [!NOTE]
> If you enable the guest account in shared PC mode, students using the guest account will not have an ad-free experience searching with Bing in Microsoft Edge unless the PC is connected to your school network and your school network has been configured as described in [IP registration for entire school network using Microsoft Edge](#ip-registration-for-entire-school-network-using-microsoft-edge).
Provide an ad-free experience that is a safer, more private search option for K12 education institutions in the United States.
### Configurations
#### IP registration for entire school network using Microsoft Edge
Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bingintheclassroom@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email.
**District information**
- **District or School Name:**
- **Outbound IP Addresses (IP Range + CIDR):**
- **Address:**
- **City:**
- **State Abbreviation:**
- **Zip Code:**
**Registrant information**
- **First Name:**
- **Last Name:**
- **Job Title:**
- **Email Address:**
- **Opt-In for Email Announcements?:**
- **Phone Number:**
This will suppress ads when searching with Bing on Microsoft Edge when the PC is connected to the school network.
#### Azure AD and Office 365 Education tenant
To suppress ads when searching with Bing on Microsoft Edge on any network, follow these steps:
@ -185,6 +161,8 @@ To suppress ads when searching with Bing on Microsoft Edge on any network, follo
2. Domain join the Windows 10 PCs to your Azure AD tenant (this is the same as your Office 365 tenant).
3. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
4. Have students sign in with their Azure AD identity, which is the same as your Office 365 identity, to use the PC.
> [!NOTE]
> If you are verifying your Office 365 domain to prove education status (step 1 above), you may need to wait up to 7 days for the ad-free experience to take effect. Microsoft recommends not to roll out the browser to your students until that time.
#### Office 365 sign-in to Bing
To suppress ads only when the student signs into Bing with their Office 365 account in Microsoft Edge, follow these steps:
@ -192,8 +170,6 @@ To suppress ads only when the student signs into Bing with their Office 365 acco
1. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
2. Have students sign into Bing with their Office 365 account.
### More information
For more information on all the possible Bing configuration methods, see https://aka.ms/e4ahor.
## Related topics
[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)

2
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -45,7 +45,7 @@ Before you get started, be sure to review these best practices and requirements:
**Best practices**
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.

2
store-for-business/distribute-offline-apps.md
View File

@ -44,7 +44,7 @@ You can't distribute offline-licensed apps directly from Microsoft Store. Once y
- **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
- **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
- [Manage apps from Microsoft Store for Business with Microsoft Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br>
For third-party MDM providers or management servers, check your product documentation.

2
windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
View File

@ -1,6 +1,6 @@
---
title: How to Deploy the App-V Server Using a Script (Windows 10)
description: How to Deploy the App-V Server Using a Script
description: Information, lists, and tables that can help you deploy the App-V server using a script
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

2
windows/application-management/app-v/appv-deploying-appv.md
View File

@ -1,6 +1,6 @@
---
title: Deploying App-V (Windows 10)
description: Deploying App-V
description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

2
windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
View File

@ -1,6 +1,6 @@
---
title: How to publish a package by using the Management console (Windows 10)
description: How to publish a package by using the Management console.
description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages.
author: lomayor
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

2
windows/application-management/apps-in-windows-10.md
View File

@ -2,7 +2,7 @@
title: Windows 10 - Apps
ms.reviewer:
manager: dansimp
description: What are Windows, UWP, and Win32 apps
description: Use this article to understand the different types of apps that run on Windows 10, such as UWP and Win32 apps.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/change-history-for-application-management.md
View File

@ -1,6 +1,6 @@
---
title: Change history for Application management in Windows 10 (Windows 10)
description: View changes to documentation for application management in Windows 10.
description: View new release information and updated topics in the documentation for application management in Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage

18
windows/client-management/mdm/TOC.md
View File

@ -159,15 +159,15 @@
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
#### [Policies supported by Group Policy](policies-supported-by-group-policy.md)
#### [ADMX-backed policies](policies-admx-backed.md)
#### [Policies supported by HoloLens 2](policies-supported-by-hololens2.md)
#### [Policies supported by HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policies supported by HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
#### [Policies supported by Windows 10 IoT Enterprise](policies-supported-by-iot-enterprise.md)
#### [Policies supported by Windows 10 IoT Core](policies-supported-by-iot-core.md)
#### [Policies supported by Microsoft Surface Hub](policies-supported-by-surface-hub.md)
#### [Policies that can be set using Exchange Active Sync (EAS)](policies-that-can-be-set-using-eas.md)
#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
#### [ActiveXControls](policy-csp-activexcontrols.md)

2
windows/client-management/mdm/alljoynmanagement-ddf.md
View File

@ -1,6 +1,6 @@
---
title: AllJoynManagement DDF
description: AllJoynManagement DDF
description: Learn the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider.
ms.assetid: 540C2E60-A041-4749-A027-BBAF0BB046E4
ms.reviewer:
manager: dansimp

48
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -13,17 +13,15 @@ ms.date: 05/21/2019
# ApplicationControl CSP
Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using AppLocker CSPs CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only.
Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
ApplicationControl CSP was added in Windows 10, version 1903.
The following diagram shows ApplicationControl CSP in tree format.
The following diagram shows the ApplicationControl CSP in tree format.
![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
<a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**
Defines the root node for ApplicationControl CSP.
Defines the root node for the ApplicationControl CSP.
Scope is permanent. Supported operation is Get.
@ -33,7 +31,7 @@ An interior node that contains all the policies, each identified by their global
Scope is permanent. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid"></a>**ApplicationControl/Policies/_Policy GUID_**
ApplicationControl CSP enforces that the “ID” segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node.
The ApplicationControl CSP enforces that the "ID" segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node.
Scope is dynamic. Supported operation is Get.
@ -121,11 +119,11 @@ Value type is char.
For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune)
## Non-Intune Usage Guidance
## Generic MDM Server Usage Guidance
In order to leverage the ApplicationControl CSP without using Intune, you must:
1. Know a generated policys GUID, which can be found in the policy xml as <PolicyID> or <PolicyTypeID> for pre-1903 systems.
1. Know a generated policy's GUID, which can be found in the policy xml as <PolicyID> or <PolicyTypeID> for pre-1903 systems.
2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool.
@ -205,7 +203,7 @@ The following example shows the deployment of two base policies and a supplement
### Get policies
Perform a GET using a deployed policys GUID to interrogate/inspect the policy itself or information about it.
Perform a GET using a deployed policy's GUID to interrogate/inspect the policy itself or information about it.
The following table displays the result of Get operation on different nodes:
@ -265,3 +263,33 @@ The following is an example of Delete command:
</Item>
</Delete>
```
## PowerShell and WMI Bridge Usage Guidance
The ApplicationControl CSP can also be managed locally from PowerShell or via SCCM's task sequence scripting by leveraging the [WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
### Setup for using the WMI Bridge
1. Convert your WDAC policy to Base64
2. Open PowerShell in Local System context (through PSExec or something similar)
3. Use WMI Interface:
```powershell
$namespace = "root\cimv2\mdm\dmmap"
$policyClassName = "MDM_AppControl_Policies"
$policyBase64 = …
```
### Deploying a policy via WMI Bridge
Run the following command. PolicyID is a GUID which can be found in the policy xml, and should be used here without braces.
```powershell
New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="<PolicyID>";Policy=$policyBase64}
```
### Querying all policies via WMI Bridge
```powershell
Get-CimInstance -Namespace $namespace -ClassName $policyClassName
```

4
windows/client-management/mdm/applocker-csp.md
View File

@ -34,6 +34,8 @@ Defines restrictions for applications.
>
> Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.
> [!NOTE]
> Deploying policies via the AppLocker CSP will force a reboot during OOBE.
Additional information:
@ -1754,7 +1756,7 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="WINWORD.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>

2
windows/client-management/mdm/appv-deploy-and-config.md
View File

@ -1,6 +1,6 @@
---
title: Deploy and configure App-V apps using MDM
description: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Configuration Manager or App-V server.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -1,6 +1,6 @@
---
title: CM\_ProxyEntries CSP
description: CM\_ProxyEntries CSP
description: Configure proxy connections on mobile devices using CM\_ProxyEntries CSP.
ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
ms.reviewer:
manager: dansimp

5
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -2731,7 +2731,7 @@ The following list shows the CSPs supported in HoloLens devices:
| [DMClient CSP](dmclient-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
| [NetworkProxy CSP](networkproxy-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>7</sup>|
| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | ![cross mark](images/crossmark.png) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) <sup>8</sup>|
| [NodeCache CSP](nodecache-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
[PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
| [Policy CSP](policy-configuration-service-provider.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
@ -2807,4 +2807,5 @@ The following list shows the CSPs supported in HoloLens devices:
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
- 7 - Added in the next major release of Windows 10.
- 7 - Added in Windows 10, version 1909.
- 8 - Added in the next major release of Windows 10.

2
windows/client-management/mdm/devinfo-csp.md
View File

@ -1,6 +1,6 @@
---
title: DevInfo CSP
description: DevInfo CSP
description: Learn now the DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server.
ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
ms.reviewer:
manager: dansimp

126
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -33,9 +33,9 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
## Enable a policy
> [!NOTE]
> See [Understanding ADMX-backed policies](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
1. Find the policy from the list [ADMX-backed policies](policies-admx-backed.md). You need the following information listed in the policy description.
1. Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.
- GP English name
- GP name
- GP ADMX file name
@ -65,37 +65,37 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
In this example you configure **Enable App-V Client** to **Enabled**.
> [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient </LocURI>
</Target>
<Data><Enabled/></Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
> [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient </LocURI>
</Target>
<Data><Enabled/></Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
## Enable a policy that requires parameters
1. Create the SyncML to enable the policy that requires parameters.
1. Create the SyncML to enable the policy that requires parameters.
In this example, the policy is in **Administrative Templates > System > App-V > Publishing**.
In this example, the policy is in **Administrative Templates > System > App-V > Publishing**.
1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
@ -107,7 +107,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
![Publishing server 2 policy description](images/admx-appv-policy-description.png)
![Publishing server 2 policy description](images/admx-appv-policy-description.png)
3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
@ -227,41 +227,41 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
Here is the example for **AppVirtualization/PublishingAllowServer2**:
> [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
```xml
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
</Target>
<Data>
<![CDATA[<enabled/><data id="Publishing_Server2_Name_Prompt" value="name prompt"/><data
id="Publishing_Server_URL_Prompt" value="URL prompt"/><data
id="Global_Publishing_Refresh_Options" value="1"/><data
id="Global_Refresh_OnLogon_Options" value="0"/><data
id="Global_Refresh_Interval_Prompt" value="15"/><data
id="Global_Refresh_Unit_Options" value="0"/><data
id="User_Publishing_Refresh_Options" value="0"/><data
id="User_Refresh_OnLogon_Options" value="0"/><data
id="User_Refresh_Interval_Prompt" value="15"/><data
id="User_Refresh_Unit_Options" value="1"/>]]>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
> [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
```xml
<?xml version="1.0" encoding="utf-8"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
</Target>
<Data>
<![CDATA[<enabled/><data id="Publishing_Server2_Name_Prompt" value="name prompt"/><data
id="Publishing_Server_URL_Prompt" value="URL prompt"/><data
id="Global_Publishing_Refresh_Options" value="1"/><data
id="Global_Refresh_OnLogon_Options" value="0"/><data
id="Global_Refresh_Interval_Prompt" value="15"/><data
id="Global_Refresh_Unit_Options" value="0"/><data
id="User_Publishing_Refresh_Options" value="0"/><data
id="User_Refresh_OnLogon_Options" value="0"/><data
id="User_Refresh_Interval_Prompt" value="15"/><data
id="User_Refresh_Unit_Options" value="1"/>]]>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
## Disable a policy

2
windows/client-management/mdm/enterpriseextfilessystem-csp.md
View File

@ -1,6 +1,6 @@
---
title: EnterpriseExtFileSystem CSP
description: EnterpriseExtFileSystem CSP
description: Add, retrieve, or change files through the Mobile Device Management (MDM) service using the EnterpriseExtFileSystem CSP.
ms.assetid: F773AD72-A800-481A-A9E2-899BA56F4426
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/firewall-csp.md
View File

@ -1,6 +1,6 @@
---
title: Firewall CSP
description: Firewall CSP
description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings.
ms.author: dansimp
ms.topic: article
ms.prod: w10

9
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -658,7 +658,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top"><a href="policies-admx-backed.md" data-raw-source="[ADMX-backed policies in Policy CSP](policies-admx-backed.md)">ADMX-backed policies in Policy CSP</a></td>
<td style="vertical-align:top"><a href="policy-csps-admx-backed.md" data-raw-source="[ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)">ADMX-backed policies in Policy CSP</a></td>
<td style="vertical-align:top"><p>Added new policies.</p>
</td></tr>
<tr class="odd">
@ -1874,7 +1874,8 @@ Alternatively you can use the following procedure to create an EAP Configuration
![vpn selfhost properties window](images/certfiltering1.png)
> **Note**  For PEAP or TTLS, select the appropriate method and continue following this procedure.
> [!NOTE]
> For PEAP or TTLS, select the appropriate method and continue following this procedure.
3. Click the **Properties** button underneath the drop down menu.
4. In the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
@ -1888,7 +1889,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
8. Continue following the procedure in the [EAP configuration](eap-configuration.md) topic from Step 9 to get an EAP TLS profile with appropriate filtering.
> [!NOTE]
>You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx) topic.
> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) Settings for Network Access](https://technet.microsoft.com/library/hh945104.aspx).
### Remote PIN reset not supported in Azure Active Directory joined mobile devices
@ -2433,7 +2434,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
</ul>
<p>Added a new section:</p>
<ul>
<li><a href="policies-supported-by-group-policy.md" data-raw-source="[Policies supported by Group Policy](policies-supported-by-group-policy.md)">Policies supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
<li><a href="policy-csps-supported-by-group-policy.md" data-raw-source="[[Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)">[Policy CSPs supported by Group Policy</a> - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.</li>
</ul>
</td></tr>
<tr>

420
windows/client-management/mdm/policies-admx-backed.md
View File

@ -1,420 +0,0 @@
---
title: ADMX-backed policies
description: ADMX-backed policies
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# ADMX-backed policies
> [!div class="op_single_selector"]
>
> - [Policies supported by Group Policy](policies-supported-by-group-policy.md)
> - [ADMX-backed policies](policies-admx-backed.md)
>
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

911
windows/client-management/mdm/policies-supported-by-group-policy.md
View File

@ -1,911 +0,0 @@
---
title: Policies supported by Group Policy
description: Policies supported by Group Policy
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies supported by Group Policy
> [!div class="op_single_selector"]
>
> - [Policies supported by Group Policy](policies-supported-by-group-policy.md)
> - [ADMX-backed policies](policies-admx-backed.md)
>
- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
- [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
- [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
- [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
- [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
- [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
- [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
- [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
- [Authentication/AllowSecondaryAuthenticationDevice](./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice)
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
- [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
- [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
- [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
- [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
- [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
- [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDeveloperTools](./policy-csp-browser.md#browser-allowdevelopertools)
- [Browser/AllowDoNotTrack](./policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
- [Cellular/LetAppsAccessCellularData_ForceAllowTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps)
- [Cellular/LetAppsAccessCellularData_ForceDenyTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps)
- [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](./policy-csp-defender.md#defender-allowcloudprotection)
- [Defender/AllowEmailScanning](./policy-csp-defender.md#defender-allowemailscanning)
- [Defender/AllowFullScanOnMappedNetworkDrives](./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](./policy-csp-defender.md#defender-allowioavprotection)
- [Defender/AllowOnAccessProtection](./policy-csp-defender.md#defender-allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](./policy-csp-defender.md#defender-allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](./policy-csp-defender.md#defender-allowscanningnetworkfiles)
- [Defender/AllowUserUIAccess](./policy-csp-defender.md#defender-allowuseruiaccess)
- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
- [Defender/ExcludedProcesses](./policy-csp-defender.md#defender-excludedprocesses)
- [Defender/RealTimeScanDirection](./policy-csp-defender.md#defender-realtimescandirection)
- [Defender/ScanParameter](./policy-csp-defender.md#defender-scanparameter)
- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
[DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/ConfigureSystemGuardLaunch](./policy-csp-deviceguard.md#deviceguard-configuresystemguardlaunch)
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
- [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
- [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
- [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
- [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
- [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
- [DmaGuard/DeviceEnumerationPolicy](./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy)
- [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
- [Experience/AllowClipboardHistory](./policy-csp-experience.md#experience-allowclipboardhistory)
- [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
- [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
- [Experience/AllowThirdPartySuggestionsInWindowsSpotlight](./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight)
- [Experience/AllowWindowsConsumerFeatures](./policy-csp-experience.md#experience-allowwindowsconsumerfeatures)
- [Experience/AllowWindowsSpotlight](./policy-csp-experience.md#experience-allowwindowsspotlight)
- [Experience/AllowWindowsSpotlightOnActionCenter](./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter)
- [Experience/AllowWindowsSpotlightOnSettings](./policy-csp-experience.md#experience-allowwindowsspotlightonsettings)
- [Experience/AllowWindowsSpotlightWindowsWelcomeExperience](./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience)
- [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
- [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
- [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
- [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
- [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
- [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
- [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
- [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
- [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
- [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
- [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
- [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
- [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
- [LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon)
- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
- [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
- [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
- [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
- [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
- [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
- [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators)
- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers)
- [LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated)
- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations)
- [LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode)
- [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode)
- [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
- [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
- [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
- [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
- [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
- [NetworkIsolation/EnterpriseIPRange](./policy-csp-networkisolation.md#networkisolation-enterpriseiprange)
- [NetworkIsolation/EnterpriseIPRangesAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative)
- [NetworkIsolation/EnterpriseInternalProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers)
- [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
- [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
- [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
- [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
- [Power/SelectLidCloseActionOnBattery](./policy-csp-power.md#power-selectlidcloseactiononbattery)
- [Power/SelectLidCloseActionPluggedIn](./policy-csp-power.md#power-selectlidcloseactionpluggedin)
- [Power/SelectPowerButtonActionOnBattery](./policy-csp-power.md#power-selectpowerbuttonactiononbattery)
- [Power/SelectPowerButtonActionPluggedIn](./policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
- [Power/SelectSleepButtonActionOnBattery](./policy-csp-power.md#power-selectsleepbuttonactiononbattery)
- [Power/SelectSleepButtonActionPluggedIn](./policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
- [Power/TurnOffHybridSleepOnBattery](./policy-csp-power.md#power-turnoffhybridsleeponbattery)
- [Power/TurnOffHybridSleepPluggedIn](./policy-csp-power.md#power-turnoffhybridsleeppluggedin)
- [Power/UnattendedSleepTimeoutOnBattery](./policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
- [Power/UnattendedSleepTimeoutPluggedIn](./policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard)
- [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#privacy-disableprivacyexperience)
- [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
- [Privacy/LetAppsAccessAccountInfo](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
- [Privacy/LetAppsAccessCalendar](./policy-csp-privacy.md#privacy-letappsaccesscalendar)
- [Privacy/LetAppsAccessCalendar_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps)
- [Privacy/LetAppsAccessCalendar_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps)
- [Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps)
- [Privacy/LetAppsAccessCallHistory](./policy-csp-privacy.md#privacy-letappsaccesscallhistory)
- [Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps)
- [Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps)
- [Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps)
- [Privacy/LetAppsAccessCamera](./policy-csp-privacy.md#privacy-letappsaccesscamera)
- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps)
- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps)
- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps)
- [Privacy/LetAppsAccessContacts](./policy-csp-privacy.md#privacy-letappsaccesscontacts)
- [Privacy/LetAppsAccessContacts_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps)
- [Privacy/LetAppsAccessContacts_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps)
- [Privacy/LetAppsAccessContacts_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps)
- [Privacy/LetAppsAccessEmail](./policy-csp-privacy.md#privacy-letappsaccessemail)
- [Privacy/LetAppsAccessEmail_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps)
- [Privacy/LetAppsAccessEmail_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps)
- [Privacy/LetAppsAccessEmail_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps)
- [Privacy/LetAppsAccessLocation](./policy-csp-privacy.md#privacy-letappsaccesslocation)
- [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps)
- [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps)
- [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps)
- [Privacy/LetAppsAccessMessaging](./policy-csp-privacy.md#privacy-letappsaccessmessaging)
- [Privacy/LetAppsAccessMessaging_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps)
- [Privacy/LetAppsAccessMessaging_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps)
- [Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps)
- [Privacy/LetAppsAccessMicrophone](./policy-csp-privacy.md#privacy-letappsaccessmicrophone)
- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps)
- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps)
- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps)
- [Privacy/LetAppsAccessMotion](./policy-csp-privacy.md#privacy-letappsaccessmotion)
- [Privacy/LetAppsAccessMotion_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps)
- [Privacy/LetAppsAccessMotion_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps)
- [Privacy/LetAppsAccessMotion_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps)
- [Privacy/LetAppsAccessNotifications](./policy-csp-privacy.md#privacy-letappsaccessnotifications)
- [Privacy/LetAppsAccessNotifications_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps)
- [Privacy/LetAppsAccessNotifications_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps)
- [Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps)
- [Privacy/LetAppsAccessPhone](./policy-csp-privacy.md#privacy-letappsaccessphone)
- [Privacy/LetAppsAccessPhone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps)
- [Privacy/LetAppsAccessPhone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps)
- [Privacy/LetAppsAccessPhone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps)
- [Privacy/LetAppsAccessRadios](./policy-csp-privacy.md#privacy-letappsaccessradios)
- [Privacy/LetAppsAccessRadios_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps)
- [Privacy/LetAppsAccessRadios_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps)
- [Privacy/LetAppsAccessRadios_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps)
- [Privacy/LetAppsAccessTasks](./policy-csp-privacy.md#privacy-letappsaccesstasks)
- [Privacy/LetAppsAccessTasks_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps)
- [Privacy/LetAppsAccessTasks_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps)
- [Privacy/LetAppsAccessTasks_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps)
- [Privacy/LetAppsAccessTrustedDevices](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices)
- [Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps)
- [Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps)
- [Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps)
- [Privacy/LetAppsGetDiagnosticInfo](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
- [Privacy/LetAppsRunInBackground](./policy-csp-privacy.md#privacy-letappsruninbackground)
- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps)
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps)
- [Privacy/LetAppsSyncWithDevices](./policy-csp-privacy.md#privacy-letappssyncwithdevices)
- [Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps)
- [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
- [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
- [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities)
- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
- [Search/AllowFindMyFiles](./policy-csp-search.md#search-allowfindmyfiles)
- [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
- [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
- [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
- [Search/AlwaysUseAutoLangDetection](./policy-csp-search.md#search-alwaysuseautolangdetection)
- [Search/DisableBackoff](./policy-csp-search.md#search-disablebackoff)
- [Search/DisableRemovableDriveIndexing](./policy-csp-search.md#search-disableremovabledriveindexing)
- [Search/DoNotUseWebResults](./policy-csp-search.md#search-donotusewebresults)
- [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
- [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
- [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
- [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
- [SmartScreen/EnableAppInstallControl](./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol)
- [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
- [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
- [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
- [Start/DisableContextMenus](./policy-csp-start.md#start-disablecontextmenus)
- [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
- [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
- [Start/StartLayout](./policy-csp-start.md#start-startlayout)
- [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
- [System/AllowCommercialDataPipeline](./policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
- [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/ConfigureMicrosoft365UploadEndpoint](./policy-csp-system.md#system-configuremicrosoft365uploadendpoint)
- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
- [System/DisableDeviceDelete](./policy-csp-system.md#system-disabledevicedelete)
- [System/DisableDiagnosticDataViewer](./policy-csp-system.md#system-disablediagnosticdataviewer)
- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
- [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
- [System/TurnOffFileHistory](./policy-csp-system.md#system-turnofffilehistory)
- [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
- [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
- [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
- [SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode)
- [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
- [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
- [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
- [Troubleshooting/AllowRecommendations](./policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
- [Update/AllowAutoUpdate](./policy-csp-update.md#update-allowautoupdate)
- [Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork](./policy-csp-update.md#update-allowautowindowsupdatedownloadovermeterednetwork)
- [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
- [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
- [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
- [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
- [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
- [Update/AutomaticMaintenanceWakeUp](./policy-csp-update.md#update-automaticmaintenancewakeup)
- [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
- [Update/ConfigureDeadlineForFeatureUpdates](./policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](./policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](./policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](./policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
- [Update/DeferUpgradePeriod](./policy-csp-update.md#update-deferupgradeperiod)
- [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
- [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
- [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
- [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
- [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
- [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
- [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
- [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
- [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
- [Update/PauseDeferrals](./policy-csp-update.md#update-pausedeferrals)
- [Update/PauseFeatureUpdates](./policy-csp-update.md#update-pausefeatureupdates)
- [Update/PauseFeatureUpdatesStartTime](./policy-csp-update.md#update-pausefeatureupdatesstarttime)
- [Update/PauseQualityUpdates](./policy-csp-update.md#update-pausequalityupdates)
- [Update/PauseQualityUpdatesStartTime](./policy-csp-update.md#update-pausequalityupdatesstarttime)
- [Update/RequireDeferUpgrade](./policy-csp-update.md#update-requiredeferupgrade)
- [Update/ScheduleImminentRestartWarning](./policy-csp-update.md#update-scheduleimminentrestartwarning)
- [Update/ScheduleRestartWarning](./policy-csp-update.md#update-schedulerestartwarning)
- [Update/ScheduledInstallDay](./policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallEveryWeek](./policy-csp-update.md#update-scheduledinstalleveryweek)
- [Update/ScheduledInstallFirstWeek](./policy-csp-update.md#update-scheduledinstallfirstweek)
- [Update/ScheduledInstallFourthWeek](./policy-csp-update.md#update-scheduledinstallfourthweek)
- [Update/ScheduledInstallSecondWeek](./policy-csp-update.md#update-scheduledinstallsecondweek)
- [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
- [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
- [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
- [Update/UpdateNotificationLevel](./policy-csp-update.md#update-updatenotificationlevel)
- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
- [UserRights/AccessFromNetwork](./policy-csp-userrights.md#userrights-accessfromnetwork)
- [UserRights/ActAsPartOfTheOperatingSystem](./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem)
- [UserRights/AllowLocalLogOn](./policy-csp-userrights.md#userrights-allowlocallogon)
- [UserRights/BackupFilesAndDirectories](./policy-csp-userrights.md#userrights-backupfilesanddirectories)
- [UserRights/ChangeSystemTime](./policy-csp-userrights.md#userrights-changesystemtime)
- [UserRights/CreateGlobalObjects](./policy-csp-userrights.md#userrights-createglobalobjects)
- [UserRights/CreatePageFile](./policy-csp-userrights.md#userrights-createpagefile)
- [UserRights/CreatePermanentSharedObjects](./policy-csp-userrights.md#userrights-createpermanentsharedobjects)
- [UserRights/CreateSymbolicLinks](./policy-csp-userrights.md#userrights-createsymboliclinks)
- [UserRights/CreateToken](./policy-csp-userrights.md#userrights-createtoken)
- [UserRights/DebugPrograms](./policy-csp-userrights.md#userrights-debugprograms)
- [UserRights/DenyAccessFromNetwork](./policy-csp-userrights.md#userrights-denyaccessfromnetwork)
- [UserRights/DenyLocalLogOn](./policy-csp-userrights.md#userrights-denylocallogon)
- [UserRights/DenyRemoteDesktopServicesLogOn](./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon)
- [UserRights/EnableDelegation](./policy-csp-userrights.md#userrights-enabledelegation)
- [UserRights/GenerateSecurityAudits](./policy-csp-userrights.md#userrights-generatesecurityaudits)
- [UserRights/ImpersonateClient](./policy-csp-userrights.md#userrights-impersonateclient)
- [UserRights/IncreaseSchedulingPriority](./policy-csp-userrights.md#userrights-increaseschedulingpriority)
- [UserRights/LoadUnloadDeviceDrivers](./policy-csp-userrights.md#userrights-loadunloaddevicedrivers)
- [UserRights/LockMemory](./policy-csp-userrights.md#userrights-lockmemory)
- [UserRights/ManageAuditingAndSecurityLog](./policy-csp-userrights.md#userrights-manageauditingandsecuritylog)
- [UserRights/ManageVolume](./policy-csp-userrights.md#userrights-managevolume)
- [UserRights/ModifyFirmwareEnvironment](./policy-csp-userrights.md#userrights-modifyfirmwareenvironment)
- [UserRights/ModifyObjectLabel](./policy-csp-userrights.md#userrights-modifyobjectlabel)
- [UserRights/ProfileSingleProcess](./policy-csp-userrights.md#userrights-profilesingleprocess)
- [UserRights/RemoteShutdown](./policy-csp-userrights.md#userrights-remoteshutdown)
- [UserRights/RestoreFilesAndDirectories](./policy-csp-userrights.md#userrights-restorefilesanddirectories)
- [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
- [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
- [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
- [WindowsDefenderSecurityCenter/EnableCustomizedToasts](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts)
- [WindowsDefenderSecurityCenter/EnableInAppCustomization](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization)
- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
- [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
- [WindowsLogon/EnableFirstLogonAnimation](./policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)
- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
- [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
- [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
- [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

69
windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md
View File

@ -1,69 +0,0 @@
---
title: Policies supported by HoloLens (1st gen) Commercial Suite
description: Policies supported by HoloLens (1st gen) Commercial Suite
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 09/17/2019
---
# Policies supported by HoloLens (1st gen) Commercial Suite
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policies-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname)
- [Bluetooth/AllowAdvertising](policy-csp-bluetooth.md#bluetooth-allowadvertising)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowAutofill](policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/RequireDeferUpgrade](policy-csp-update.md#update-requiredeferupgrade)
- [Update/RequireUpdateApproval](policy-csp-update.md#update-requireupdateapproval)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

68
windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md
View File

@ -1,68 +0,0 @@
---
title: Policies supported by HoloLens (1st gen) Development Edition
description: Policies supported by HoloLens (1st gen) Development Edition
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies supported by HoloLens (1st gen) Development Edition
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policies-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Bluetooth/AllowAdvertising](policy-csp-bluetooth.md#bluetooth-allowadvertising)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/RequireUpdateApproval](policy-csp-update.md#update-requireupdateapproval)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Update/RequireDeferUpgrade](policy-csp-update.md#update-requiredeferupgrade)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

109
windows/client-management/mdm/policies-supported-by-hololens2.md
View File

@ -1,109 +0,0 @@
---
title: Policies supported by HoloLens 2
description: Policies supported by HoloLens 2
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies supported by HoloLens 2
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policies-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowAutofill](policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-forceallowtheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-forcedenytheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-userincontroloftheseapps)
- [Privacy/LetAppsAccessCamera](policy-csp-privacy.md#privacy-letappsaccesscamera)
- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessGazeInput](policy-csp-privacy.md#privacy-letappsaccessgazeinput) <sup>7</sup>
- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-forceallowtheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-forcedenytheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-userincontroloftheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessLocation](policy-csp-privacy.md#privacy-letappsaccesslocation)
- [Privacy/LetAppsAccessMicrophone](policy-csp-privacy.md#privacy-letappsaccessmicrophone)
- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>7</sup>
- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>7</sup>
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
- [Update/PauseFeatureUpdates](policy-csp-update.md#update-pausefeatureupdates)
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>7</sup>
Footnotes:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
- 7 - Added in the next major release of Windows 10.
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

73
windows/client-management/mdm/policies-supported-by-iot-core.md
View File

@ -1,73 +0,0 @@
---
title: Policies supported by Windows 10 IoT Core
description: Policies supported by Windows 10 IoT Core
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 09/16/2019
---
# Policies supported by Windows 10 IoT Core
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policies-supported-by-iot-enterprise.md)
> - [IoT Core](policies-supported-by-iot-core.md)
>
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [CredentialProviders/AllowPINLogon](policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md#dataprotection-allowdirectmemoryaccess)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Wifi/AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
- [Wifi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

68
windows/client-management/mdm/policies-supported-by-iot-enterprise.md
View File

@ -1,68 +0,0 @@
---
title: Policies supported by Windows 10 IoT Enterprise
description: Policies supported by Windows 10 IoT Enterprise
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies supported by Windows 10 IoT Enterprise
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policies-supported-by-iot-enterprise.md)
> - [IoT Core](policies-supported-by-iot-core.md)
>
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

78
windows/client-management/mdm/policies-supported-by-surface-hub.md
View File

@ -1,78 +0,0 @@
---
title: Policies supported by Microsoft Surface Hub
description: Policies supported by Microsoft Surface Hub
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies supported by Microsoft Surface Hub
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#cryptography-tlsciphersuites)
- [Defender/AllowArchiveScanning](policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](policy-csp-defender.md#defender-allowcloudprotection)
- [Defender/AllowEmailScanning](policy-csp-defender.md#defender-allowemailscanning)
- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
- [Defender/AllowIntrusionPreventionSystem](policy-csp-defender.md#defender-allowintrusionpreventionsystem)
- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
- [Defender/AllowScriptScanning](policy-csp-defender.md#defender-allowscriptscanning)
- [Defender/AllowUserUIAccess](policy-csp-defender.md#defender-allowuseruiaccess)
- [Defender/AvgCPULoadFactor](policy-csp-defender.md#defender-avgcpuloadfactor)
- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#defender-daystoretaincleanedmalware)
- [Defender/ExcludedExtensions](policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](policy-csp-defender.md#defender-excludedpaths)
- [Defender/ExcludedProcesses](policy-csp-defender.md#defender-excludedprocesses)
- [Defender/PUAProtection](policy-csp-defender.md#defender-puaprotection)
- [Defender/RealTimeScanDirection](policy-csp-defender.md#defender-realtimescandirection)
- [Defender/ScanParameter](policy-csp-defender.md#defender-scanparameter)
- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](policy-csp-defender.md#defender-schedulescantime)
- [Defender/SignatureUpdateInterval](policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#defender-threatseveritydefaultaction)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [TextInput/AllowIMELogging](policy-csp-textinput.md#textinput-allowimelogging)
- [TextInput/AllowIMENetworkAccess](policy-csp-textinput.md#textinput-allowimenetworkaccess)
- [TextInput/AllowInputPanel](policy-csp-textinput.md#textinput-allowinputpanel)
- [TextInput/AllowJapaneseIMESurrogatePairCharacters](policy-csp-textinput.md#textinput-allowjapaneseimesurrogatepaircharacters)
- [TextInput/AllowJapaneseIVSCharacters](policy-csp-textinput.md#textinput-allowjapaneseivscharacters)
- [TextInput/AllowJapaneseNonPublishingStandardGlyph](policy-csp-textinput.md#textinput-allowjapanesenonpublishingstandardglyph)
- [TextInput/AllowJapaneseUserDictionary](policy-csp-textinput.md#textinput-allowjapaneseuserdictionary)
- [TextInput/AllowLanguageFeaturesUninstall](policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

28
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -4029,24 +4029,24 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
## Policies supported by Group Policy and ADMX-backed policies
- [Policies supported by Group Policy](policies-supported-by-group-policy.md)
- [ADMX-backed policies](policies-admx-backed.md)
## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs
- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
- [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
## Policies supported by HoloLens devices
- [Policies supported by HoloLens 2](policies-supported-by-hololens2.md)
- [Policies supported by HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
- [Policies supported by HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
## Policy CSPs supported by HoloLens devices
- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
## Policies supported by Windows 10 IoT
- [Policies supported by Windows 10 IoT Enterprise](policies-supported-by-iot-enterprise.md)
- [Policies supported by Windows 10 IoT Core](policies-supported-by-iot-core.md)
## Policy CSPs supported by Windows 10 IoT
- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
## Policies supported by Microsoft Surface Hub
- [Policies supported by Microsoft Surface Hub](policies-supported-by-surface-hub.md)
## Policy CSPs supported by Microsoft Surface Hub
- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
## Policies that can be set using Exchange Active Sync (EAS)
- [Policies that can be set using Exchange Active Sync (EAS)](policies-that-can-be-set-using-eas.md)
## Policy CSPs that can be set using Exchange Active Sync (EAS)
- [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
## Related topics

2
windows/client-management/mdm/policy-csp-abovelock.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - AboveLock
description: Policy CSP - AboveLock
description: Learn the various AboveLock Policy CSP for Windows editions of Home, Pro, Business, and more.
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article

4
windows/client-management/mdm/policy-csp-controlpolicyconflict.md
View File

@ -100,8 +100,8 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
- \<MSFT:GPRegistryMappedName\>
- \<MSFT:GPDBMappedName\>
For the list MDM-GP mapping list, see [Policies supported by Group Policy
](policies-supported-by-group-policy.md).
For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
](policy-csps-supported-by-group-policy.md).
The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

2
windows/client-management/mdm/policy-csp-credentialproviders.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - CredentialProviders
description: Policy CSP - CredentialProviders
description: Learn the policy CSP for credential provider set up, sign in, PIN requests and so on.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/policy-csp-experience.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - Experience
description: Policy CSP - Experience
description: Learn the various Experience policy CSP for Cortana, Sync, Spotlight and more.
ms.author: dansimp
ms.topic: article
ms.prod: w10

2
windows/client-management/mdm/policy-csp-notifications.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSP - Notifications
description: Policy CSP - Notifications
description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications.
ms.author: dansimp
ms.topic: article
ms.prod: w10

421
windows/client-management/mdm/policy-csps-admx-backed.md Normal file
View File

@ -0,0 +1,421 @@
---
title: ADMX-backed policy CSPs
description: ADMX-backed policy CSPs
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# ADMX-backed policy CSPs
> [!div class="op_single_selector"]
>
> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
>
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

913
windows/client-management/mdm/policy-csps-supported-by-group-policy.md Normal file
View File

@ -0,0 +1,913 @@
---
title: Policy CSPs supported by Group Policy
description: Policy CSPs supported by Group Policy
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by Group Policy
> [!div class="op_single_selector"]
>
> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
>
- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
- [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
- [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
- [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
- [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
- [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
- [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
- [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
- [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
- [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
- [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
- [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
- [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
- [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
- [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
- [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl)
- [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
- [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
- [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
- [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
- [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
- [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
- [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
- [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
- [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
- [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
- [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration)
- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers)
- [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr)
- [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata)
- [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps)
- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall)
- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges)
- [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly)
- [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume)
- [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume)
- [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
- [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
- [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
- [Authentication/AllowSecondaryAuthenticationDevice](./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice)
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
- [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
- [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
- [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
- [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
- [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
- [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDeveloperTools](./policy-csp-browser.md#browser-allowdevelopertools)
- [Browser/AllowDoNotTrack](./policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowExtensions](./policy-csp-browser.md#browser-allowextensions)
- [Browser/AllowFlash](./policy-csp-browser.md#browser-allowflash)
- [Browser/AllowFlashClickToRun](./policy-csp-browser.md#browser-allowflashclicktorun)
- [Browser/AllowFullScreenMode](./policy-csp-browser.md#browser-allowfullscreenmode)
- [Browser/AllowInPrivate](./policy-csp-browser.md#browser-allowinprivate)
- [Browser/AllowMicrosoftCompatibilityList](./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist)
- [Browser/AllowPasswordManager](./policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](./policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowPrelaunch](./policy-csp-browser.md#browser-allowprelaunch)
- [Browser/AllowPrinting](./policy-csp-browser.md#browser-allowprinting)
- [Browser/AllowSavingHistory](./policy-csp-browser.md#browser-allowsavinghistory)
- [Browser/AllowSearchEngineCustomization](./policy-csp-browser.md#browser-allowsearchenginecustomization)
- [Browser/AllowSearchSuggestionsinAddressBar](./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSideloadingOfExtensions](./policy-csp-browser.md#browser-allowsideloadingofextensions)
- [Browser/AllowSmartScreen](./policy-csp-browser.md#browser-allowsmartscreen)
- [Browser/AllowTabPreloading](./policy-csp-browser.md#browser-allowtabpreloading)
- [Browser/AllowWebContentOnNewTabPage](./policy-csp-browser.md#browser-allowwebcontentonnewtabpage)
- [Browser/AlwaysEnableBooksLibrary](./policy-csp-browser.md#browser-alwaysenablebookslibrary)
- [Browser/ClearBrowsingDataOnExit](./policy-csp-browser.md#browser-clearbrowsingdataonexit)
- [Browser/ConfigureAdditionalSearchEngines](./policy-csp-browser.md#browser-configureadditionalsearchengines)
- [Browser/ConfigureFavoritesBar](./policy-csp-browser.md#browser-configurefavoritesbar)
- [Browser/ConfigureHomeButton](./policy-csp-browser.md#browser-configurehomebutton)
- [Browser/ConfigureKioskMode](./policy-csp-browser.md#browser-configurekioskmode)
- [Browser/ConfigureKioskResetAfterIdleTimeout](./policy-csp-browser.md#browser-configurekioskresetafteridletimeout)
- [Browser/ConfigureOpenMicrosoftEdgeWith](./policy-csp-browser.md#browser-configureopenmicrosoftedgewith)
- [Browser/ConfigureTelemetryForMicrosoft365Analytics](./policy-csp-browser.md#browser-configuretelemetryformicrosoft365analytics)
- [Browser/DisableLockdownOfStartPages](./policy-csp-browser.md#browser-disablelockdownofstartpages)
- [Browser/EnableExtendedBooksTelemetry](./policy-csp-browser.md#browser-enableextendedbookstelemetry)
- [Browser/EnterpriseModeSiteList](./policy-csp-browser.md#browser-enterprisemodesitelist)
- [Browser/HomePages](./policy-csp-browser.md#browser-homepages)
- [Browser/LockdownFavorites](./policy-csp-browser.md#browser-lockdownfavorites)
- [Browser/PreventAccessToAboutFlagsInMicrosoftEdge](./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge)
- [Browser/PreventCertErrorOverrides](./policy-csp-browser.md#browser-preventcerterroroverrides)
- [Browser/PreventFirstRunPage](./policy-csp-browser.md#browser-preventfirstrunpage)
- [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection)
- [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride)
- [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles)
- [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc)
- [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites)
- [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer)
- [Browser/SetDefaultSearchEngine](./policy-csp-browser.md#browser-setdefaultsearchengine)
- [Browser/SetHomeButtonURL](./policy-csp-browser.md#browser-sethomebuttonurl)
- [Browser/SetNewTabPageURL](./policy-csp-browser.md#browser-setnewtabpageurl)
- [Browser/ShowMessageWhenOpeningSitesInInternetExplorer](./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer)
- [Browser/SyncFavoritesBetweenIEAndMicrosoftEdge](./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge)
- [Browser/UnlockHomeButton](./policy-csp-browser.md#browser-unlockhomebutton)
- [Browser/UseSharedFolderForBooks](./policy-csp-browser.md#browser-usesharedfolderforbooks)
- [Camera/AllowCamera](./policy-csp-camera.md#camera-allowcamera)
- [Cellular/LetAppsAccessCellularData](./policy-csp-cellular.md#cellular-letappsaccesscellulardata)
- [Cellular/LetAppsAccessCellularData_ForceAllowTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forceallowtheseapps)
- [Cellular/LetAppsAccessCellularData_ForceDenyTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-forcedenytheseapps)
- [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge)
- [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials)
- [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
- [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
- [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](./policy-csp-defender.md#defender-allowcloudprotection)
- [Defender/AllowEmailScanning](./policy-csp-defender.md#defender-allowemailscanning)
- [Defender/AllowFullScanOnMappedNetworkDrives](./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](./policy-csp-defender.md#defender-allowioavprotection)
- [Defender/AllowOnAccessProtection](./policy-csp-defender.md#defender-allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](./policy-csp-defender.md#defender-allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](./policy-csp-defender.md#defender-allowscanningnetworkfiles)
- [Defender/AllowUserUIAccess](./policy-csp-defender.md#defender-allowuseruiaccess)
- [Defender/AttackSurfaceReductionOnlyExclusions](./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions)
- [Defender/AttackSurfaceReductionRules](./policy-csp-defender.md#defender-attacksurfacereductionrules)
- [Defender/AvgCPULoadFactor](./policy-csp-defender.md#defender-avgcpuloadfactor)
- [Defender/CheckForSignaturesBeforeRunningScan](./policy-csp-defender.md#defender-checkforsignaturesbeforerunningscan)
- [Defender/CloudBlockLevel](./policy-csp-defender.md#defender-cloudblocklevel)
- [Defender/CloudExtendedTimeout](./policy-csp-defender.md#defender-cloudextendedtimeout)
- [Defender/ControlledFolderAccessAllowedApplications](./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications)
- [Defender/ControlledFolderAccessProtectedFolders](./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders)
- [Defender/DaysToRetainCleanedMalware](./policy-csp-defender.md#defender-daystoretaincleanedmalware)
- [Defender/DisableCatchupFullScan](./policy-csp-defender.md#defender-disablecatchupfullscan)
- [Defender/DisableCatchupQuickScan](./policy-csp-defender.md#defender-disablecatchupquickscan)
- [Defender/EnableControlledFolderAccess](./policy-csp-defender.md#defender-enablecontrolledfolderaccess)
- [Defender/EnableLowCPUPriority](./policy-csp-defender.md#defender-enablelowcpupriority)
- [Defender/EnableNetworkProtection](./policy-csp-defender.md#defender-enablenetworkprotection)
- [Defender/ExcludedExtensions](./policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](./policy-csp-defender.md#defender-excludedpaths)
- [Defender/ExcludedProcesses](./policy-csp-defender.md#defender-excludedprocesses)
- [Defender/RealTimeScanDirection](./policy-csp-defender.md#defender-realtimescandirection)
- [Defender/ScanParameter](./policy-csp-defender.md#defender-scanparameter)
- [Defender/ScheduleQuickScanTime](./policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](./policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](./policy-csp-defender.md#defender-schedulescantime)
- [Defender/SignatureUpdateFallbackOrder](./policy-csp-defender.md#defender-signatureupdatefallbackorder)
- [Defender/SignatureUpdateFileSharesSources](./policy-csp-defender.md#defender-signatureupdatefilesharessources)
- [Defender/SignatureUpdateInterval](./policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](./policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](./policy-csp-defender.md#defender-threatseveritydefaultaction)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](./policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](./policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/ConfigureSystemGuardLaunch](./policy-csp-deviceguard.md#deviceguard-configuresystemguardlaunch)
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
- [Display/DisablePerProcessDpiForApps](./policy-csp-display.md#display-disableperprocessdpiforapps)
- [Display/EnablePerProcessDpi](./policy-csp-display.md#display-enableperprocessdpi)
- [Display/EnablePerProcessDpiForApps](./policy-csp-display.md#display-enableperprocessdpiforapps)
- [Display/TurnOffGdiDPIScalingForApps](./policy-csp-display.md#display-turnoffgdidpiscalingforapps)
- [Display/TurnOnGdiDPIScalingForApps](./policy-csp-display.md#display-turnongdidpiscalingforapps)
- [DmaGuard/DeviceEnumerationPolicy](./policy-csp-dmaguard.md#dmaguard-deviceenumerationpolicy)
- [Education/PreventAddingNewPrinters](./policy-csp-education.md#education-preventaddingnewprinters)
- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
- [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
- [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
- [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
- [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
- [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
- [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
- [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
- [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
- [Experience/AllowClipboardHistory](./policy-csp-experience.md#experience-allowclipboardhistory)
- [Experience/AllowCortana](./policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowFindMyDevice](./policy-csp-experience.md#experience-allowfindmydevice)
- [Experience/AllowTailoredExperiencesWithDiagnosticData](./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata)
- [Experience/AllowThirdPartySuggestionsInWindowsSpotlight](./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight)
- [Experience/AllowWindowsConsumerFeatures](./policy-csp-experience.md#experience-allowwindowsconsumerfeatures)
- [Experience/AllowWindowsSpotlight](./policy-csp-experience.md#experience-allowwindowsspotlight)
- [Experience/AllowWindowsSpotlightOnActionCenter](./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter)
- [Experience/AllowWindowsSpotlightOnSettings](./policy-csp-experience.md#experience-allowwindowsspotlightonsettings)
- [Experience/AllowWindowsSpotlightWindowsWelcomeExperience](./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience)
- [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips)
- [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen)
- [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications)
- [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting)
- [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing)
- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
- [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings)
- [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer)
- [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption)
- [Handwriting/PanelDefaultModeDocked](./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked)
- [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
- [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
- [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete)
- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning)
- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit)
- [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
- [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3)
- [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
- [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
- [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
- [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
- [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
- [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
- [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
- [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
- [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
- [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid)
- [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
- [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
- [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
- [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation)
- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms)
- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](./policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
- [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
- [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
- [InternetExplorer/DisableCompatView](./policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory)
- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection)
- [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites)
- [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
- [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
- [InternetExplorer/DisableFeedsBackgroundSync](./policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
- [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
- [InternetExplorer/DisableGeolocation](./policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors)
- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing)
- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode)
- [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
- [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
- [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck)
- [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
- [InternetExplorer/DisableWebAddressAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode)
- [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
- [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
- [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
- [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
- [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
- [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
- [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript)
- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
- [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles)
- [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows)
- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
- [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript)
- [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
- [InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols)
- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols)
- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing)
- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode)
- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions)
- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions)
- [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker)
- [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
- [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
- [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
- [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
- [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions)
- [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
- [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
- [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
- [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
- [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions)
- [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
- [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
- [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions)
- [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownIntranetJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetjavapermissions)
- [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
- [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
- [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
- [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
- [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
- [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
- [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
- [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
- [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions)
- [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions)
- [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
- [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions)
- [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses)
- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses)
- [InternetExplorer/NewTabDefaultPage](./policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses)
- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter)
- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols)
- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses)
- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols)
- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses)
- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses)
- [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors)
- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript)
- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles)
- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads)
- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads)
- [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles)
- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh)
- [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol)
- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows)
- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols)
- [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
- [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript)
- [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
- [InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowvbscripttorunininternetexplorer)
- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows)
- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows)
- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing)
- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver)
- [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions)
- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe)
- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions)
- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins)
- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode)
- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting)
- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets)
- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles)
- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode)
- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker)
- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses)
- [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings)
- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice)
- [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
- [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
- [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
- [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
- [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
- [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
- [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
- [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols)
- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions)
- [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
- [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
- [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
- [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
- [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
- [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons)
- [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation)
- [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation)
- [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts)
- [LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly)
- [LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameadministratoraccount)
- [LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-renameguestaccount)
- [LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowundockwithouthavingtologon)
- [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia)
- [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters)
- [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways)
- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible)
- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin)
- [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
- [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
- [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
- [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
- [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
- [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
- [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic)
- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers)
- [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon)
- [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile)
- [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators)
- [LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers)
- [LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-detectapplicationinstallationsandpromptforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated)
- [LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations)
- [LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode)
- [LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation)
- [LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-useadminapprovalmode)
- [LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations)
- [LockDown/AllowEdgeSwipe](./policy-csp-lockdown.md#lockdown-allowedgeswipe)
- [MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes](./policy-csp-msslegacy.md#msslegacy-allowicmpredirectstooverrideospfgeneratedroutes)
- [MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers](./policy-csp-msslegacy.md#msslegacy-allowthecomputertoignorenetbiosnamereleaserequestsexceptfromwinsservers)
- [MSSLegacy/IPSourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipsourceroutingprotectionlevel)
- [MSSLegacy/IPv6SourceRoutingProtectionLevel](./policy-csp-msslegacy.md#msslegacy-ipv6sourceroutingprotectionlevel)
- [MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon](./policy-csp-mssecurityguide.md#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon)
- [MSSecurityGuide/ConfigureSMBV1ClientDriver](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1clientdriver)
- [MSSecurityGuide/ConfigureSMBV1Server](./policy-csp-mssecurityguide.md#mssecurityguide-configuresmbv1server)
- [MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection](./policy-csp-mssecurityguide.md#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection)
- [MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications](./policy-csp-mssecurityguide.md#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications)
- [MSSecurityGuide/WDigestAuthentication](./policy-csp-mssecurityguide.md#mssecurityguide-wdigestauthentication)
- [Maps/EnableOfflineMapsAutoUpdate](./policy-csp-maps.md#maps-enableofflinemapsautoupdate)
- [Messaging/AllowMessageSync](./policy-csp-messaging.md#messaging-allowmessagesync)
- [NetworkIsolation/EnterpriseCloudResources](./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources)
- [NetworkIsolation/EnterpriseIPRange](./policy-csp-networkisolation.md#networkisolation-enterpriseiprange)
- [NetworkIsolation/EnterpriseIPRangesAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative)
- [NetworkIsolation/EnterpriseInternalProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers)
- [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers)
- [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative)
- [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources)
- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification)
- [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring)
- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification)
- [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery)
- [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
- [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
- [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
- [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
- [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
- [Power/SelectLidCloseActionOnBattery](./policy-csp-power.md#power-selectlidcloseactiononbattery)
- [Power/SelectLidCloseActionPluggedIn](./policy-csp-power.md#power-selectlidcloseactionpluggedin)
- [Power/SelectPowerButtonActionOnBattery](./policy-csp-power.md#power-selectpowerbuttonactiononbattery)
- [Power/SelectPowerButtonActionPluggedIn](./policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
- [Power/SelectSleepButtonActionOnBattery](./policy-csp-power.md#power-selectsleepbuttonactiononbattery)
- [Power/SelectSleepButtonActionPluggedIn](./policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
- [Power/TurnOffHybridSleepOnBattery](./policy-csp-power.md#power-turnoffhybridsleeponbattery)
- [Power/TurnOffHybridSleepPluggedIn](./policy-csp-power.md#power-turnoffhybridsleeppluggedin)
- [Power/UnattendedSleepTimeoutOnBattery](./policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
- [Power/UnattendedSleepTimeoutPluggedIn](./policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
- [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user)
- [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard)
- [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid)
- [Privacy/DisablePrivacyExperience](./policy-csp-privacy.md#privacy-disableprivacyexperience)
- [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed)
- [Privacy/LetAppsAccessAccountInfo](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
- [Privacy/LetAppsAccessCalendar](./policy-csp-privacy.md#privacy-letappsaccesscalendar)
- [Privacy/LetAppsAccessCalendar_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps)
- [Privacy/LetAppsAccessCalendar_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps)
- [Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps)
- [Privacy/LetAppsAccessCallHistory](./policy-csp-privacy.md#privacy-letappsaccesscallhistory)
- [Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps)
- [Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps)
- [Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps)
- [Privacy/LetAppsAccessCamera](./policy-csp-privacy.md#privacy-letappsaccesscamera)
- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps)
- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps)
- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps)
- [Privacy/LetAppsAccessContacts](./policy-csp-privacy.md#privacy-letappsaccesscontacts)
- [Privacy/LetAppsAccessContacts_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps)
- [Privacy/LetAppsAccessContacts_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps)
- [Privacy/LetAppsAccessContacts_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps)
- [Privacy/LetAppsAccessEmail](./policy-csp-privacy.md#privacy-letappsaccessemail)
- [Privacy/LetAppsAccessEmail_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps)
- [Privacy/LetAppsAccessEmail_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps)
- [Privacy/LetAppsAccessEmail_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps)
- [Privacy/LetAppsAccessLocation](./policy-csp-privacy.md#privacy-letappsaccesslocation)
- [Privacy/LetAppsAccessLocation_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps)
- [Privacy/LetAppsAccessLocation_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps)
- [Privacy/LetAppsAccessLocation_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps)
- [Privacy/LetAppsAccessMessaging](./policy-csp-privacy.md#privacy-letappsaccessmessaging)
- [Privacy/LetAppsAccessMessaging_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps)
- [Privacy/LetAppsAccessMessaging_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps)
- [Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps)
- [Privacy/LetAppsAccessMicrophone](./policy-csp-privacy.md#privacy-letappsaccessmicrophone)
- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps)
- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps)
- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps)
- [Privacy/LetAppsAccessMotion](./policy-csp-privacy.md#privacy-letappsaccessmotion)
- [Privacy/LetAppsAccessMotion_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps)
- [Privacy/LetAppsAccessMotion_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps)
- [Privacy/LetAppsAccessMotion_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps)
- [Privacy/LetAppsAccessNotifications](./policy-csp-privacy.md#privacy-letappsaccessnotifications)
- [Privacy/LetAppsAccessNotifications_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps)
- [Privacy/LetAppsAccessNotifications_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps)
- [Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps)
- [Privacy/LetAppsAccessPhone](./policy-csp-privacy.md#privacy-letappsaccessphone)
- [Privacy/LetAppsAccessPhone_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps)
- [Privacy/LetAppsAccessPhone_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps)
- [Privacy/LetAppsAccessPhone_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps)
- [Privacy/LetAppsAccessRadios](./policy-csp-privacy.md#privacy-letappsaccessradios)
- [Privacy/LetAppsAccessRadios_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps)
- [Privacy/LetAppsAccessRadios_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps)
- [Privacy/LetAppsAccessRadios_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps)
- [Privacy/LetAppsAccessTasks](./policy-csp-privacy.md#privacy-letappsaccesstasks)
- [Privacy/LetAppsAccessTasks_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps)
- [Privacy/LetAppsAccessTasks_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps)
- [Privacy/LetAppsAccessTasks_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps)
- [Privacy/LetAppsAccessTrustedDevices](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices)
- [Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps)
- [Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps)
- [Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps)
- [Privacy/LetAppsGetDiagnosticInfo](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)
- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)
- [Privacy/LetAppsRunInBackground](./policy-csp-privacy.md#privacy-letappsruninbackground)
- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps)
- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps)
- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps)
- [Privacy/LetAppsSyncWithDevices](./policy-csp-privacy.md#privacy-letappssyncwithdevices)
- [Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps)
- [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps)
- [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps)
- [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities)
- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities)
- [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
- [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
- [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
- [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
- [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
- [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
- [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
- [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
- [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
- [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client)
- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service)
- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient)
- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice)
- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement)
- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client)
- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service)
- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication)
- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient)
- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice)
- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials)
- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel)
- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts)
- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener)
- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener)
- [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
- [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess)
- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers)
- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout)
- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory)
- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses)
- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
- [Search/AllowFindMyFiles](./policy-csp-search.md#search-allowfindmyfiles)
- [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
- [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)
- [Search/AllowUsingDiacritics](./policy-csp-search.md#search-allowusingdiacritics)
- [Search/AlwaysUseAutoLangDetection](./policy-csp-search.md#search-alwaysuseautolangdetection)
- [Search/DisableBackoff](./policy-csp-search.md#search-disablebackoff)
- [Search/DisableRemovableDriveIndexing](./policy-csp-search.md#search-disableremovabledriveindexing)
- [Search/DoNotUseWebResults](./policy-csp-search.md#search-donotusewebresults)
- [Search/PreventIndexingLowDiskSpaceMB](./policy-csp-search.md#search-preventindexinglowdiskspacemb)
- [Search/PreventRemoteQueries](./policy-csp-search.md#search-preventremotequeries)
- [Security/ClearTPMIfNotReady](./policy-csp-security.md#security-cleartpmifnotready)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Settings/AllowOnlineTips](./policy-csp-settings.md#settings-allowonlinetips)
- [Settings/ConfigureTaskbarCalendar](./policy-csp-settings.md#settings-configuretaskbarcalendar)
- [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist)
- [SmartScreen/EnableAppInstallControl](./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol)
- [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
- [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
- [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
- [Start/DisableContextMenus](./policy-csp-start.md#start-disablecontextmenus)
- [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
- [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
- [Start/StartLayout](./policy-csp-start.md#start-startlayout)
- [Storage/AllowDiskHealthModelUpdates](./policy-csp-storage.md#storage-allowdiskhealthmodelupdates)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/AllowBuildPreview](./policy-csp-system.md#system-allowbuildpreview)
- [System/AllowCommercialDataPipeline](./policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowDeviceNameInDiagnosticData](./policy-csp-system.md#system-allowdevicenameindiagnosticdata)
- [System/AllowFontProviders](./policy-csp-system.md#system-allowfontproviders)
- [System/AllowLocation](./policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/ConfigureMicrosoft365UploadEndpoint](./policy-csp-system.md#system-configuremicrosoft365uploadendpoint)
- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification)
- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux)
- [System/DisableDeviceDelete](./policy-csp-system.md#system-disabledevicedelete)
- [System/DisableDiagnosticDataViewer](./policy-csp-system.md#system-disablediagnosticdataviewer)
- [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy)
- [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [System/LimitEnhancedDiagnosticDataWindowsAnalytics](./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics)
- [System/TelemetryProxy](./policy-csp-system.md#system-telemetryproxy)
- [System/TurnOffFileHistory](./policy-csp-system.md#system-turnofffilehistory)
- [SystemServices/ConfigureHomeGroupListenerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegrouplistenerservicestartupmode)
- [SystemServices/ConfigureHomeGroupProviderServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurehomegroupproviderservicestartupmode)
- [SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxaccessorymanagementservicestartupmode)
- [SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxliveauthmanagerservicestartupmode)
- [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode)
- [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode)
- [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection)
- [Troubleshooting/AllowRecommendations](./policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
- [Update/AllowAutoUpdate](./policy-csp-update.md#update-allowautoupdate)
- [Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork](./policy-csp-update.md#update-allowautowindowsupdatedownloadovermeterednetwork)
- [Update/AllowMUUpdateService](./policy-csp-update.md#update-allowmuupdateservice)
- [Update/AllowUpdateService](./policy-csp-update.md#update-allowupdateservice)
- [Update/AutoRestartDeadlinePeriodInDays](./policy-csp-update.md#update-autorestartdeadlineperiodindays)
- [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates)
- [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule)
- [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal)
- [Update/AutomaticMaintenanceWakeUp](./policy-csp-update.md#update-automaticmaintenancewakeup)
- [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel)
- [Update/ConfigureDeadlineForFeatureUpdates](./policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](./policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](./policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](./policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod)
- [Update/DeferUpgradePeriod](./policy-csp-update.md#update-deferupgradeperiod)
- [Update/DetectionFrequency](./policy-csp-update.md#update-detectionfrequency)
- [Update/DisableDualScan](./policy-csp-update.md#update-disabledualscan)
- [Update/EngagedRestartDeadline](./policy-csp-update.md#update-engagedrestartdeadline)
- [Update/EngagedRestartDeadlineForFeatureUpdates](./policy-csp-update.md#update-engagedrestartdeadlineforfeatureupdates)
- [Update/EngagedRestartSnoozeSchedule](./policy-csp-update.md#update-engagedrestartsnoozeschedule)
- [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestartsnoozescheduleforfeatureupdates)
- [Update/EngagedRestartTransitionSchedule](./policy-csp-update.md#update-engagedrestarttransitionschedule)
- [Update/EngagedRestartTransitionScheduleForFeatureUpdates](./policy-csp-update.md#update-engagedrestarttransitionscheduleforfeatureupdates)
- [Update/ExcludeWUDriversInQualityUpdate](./policy-csp-update.md#update-excludewudriversinqualityupdate)
- [Update/FillEmptyContentUrls](./policy-csp-update.md#update-fillemptycontenturls)
- [Update/ManagePreviewBuilds](./policy-csp-update.md#update-managepreviewbuilds)
- [Update/PauseDeferrals](./policy-csp-update.md#update-pausedeferrals)
- [Update/PauseFeatureUpdates](./policy-csp-update.md#update-pausefeatureupdates)
- [Update/PauseFeatureUpdatesStartTime](./policy-csp-update.md#update-pausefeatureupdatesstarttime)
- [Update/PauseQualityUpdates](./policy-csp-update.md#update-pausequalityupdates)
- [Update/PauseQualityUpdatesStartTime](./policy-csp-update.md#update-pausequalityupdatesstarttime)
- [Update/RequireDeferUpgrade](./policy-csp-update.md#update-requiredeferupgrade)
- [Update/ScheduleImminentRestartWarning](./policy-csp-update.md#update-scheduleimminentrestartwarning)
- [Update/ScheduleRestartWarning](./policy-csp-update.md#update-schedulerestartwarning)
- [Update/ScheduledInstallDay](./policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallEveryWeek](./policy-csp-update.md#update-scheduledinstalleveryweek)
- [Update/ScheduledInstallFirstWeek](./policy-csp-update.md#update-scheduledinstallfirstweek)
- [Update/ScheduledInstallFourthWeek](./policy-csp-update.md#update-scheduledinstallfourthweek)
- [Update/ScheduledInstallSecondWeek](./policy-csp-update.md#update-scheduledinstallsecondweek)
- [Update/ScheduledInstallThirdWeek](./policy-csp-update.md#update-scheduledinstallthirdweek)
- [Update/ScheduledInstallTime](./policy-csp-update.md#update-scheduledinstalltime)
- [Update/SetAutoRestartNotificationDisable](./policy-csp-update.md#update-setautorestartnotificationdisable)
- [Update/SetDisablePauseUXAccess](./policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/SetDisableUXWUAccess](./policy-csp-update.md#update-setdisableuxwuaccess)
- [Update/SetEDURestart](./policy-csp-update.md#update-setedurestart)
- [Update/UpdateNotificationLevel](./policy-csp-update.md#update-updatenotificationlevel)
- [Update/UpdateServiceUrl](./policy-csp-update.md#update-updateserviceurl)
- [Update/UpdateServiceUrlAlternate](./policy-csp-update.md#update-updateserviceurlalternate)
- [UserRights/AccessCredentialManagerAsTrustedCaller](./policy-csp-userrights.md#userrights-accesscredentialmanagerastrustedcaller)
- [UserRights/AccessFromNetwork](./policy-csp-userrights.md#userrights-accessfromnetwork)
- [UserRights/ActAsPartOfTheOperatingSystem](./policy-csp-userrights.md#userrights-actaspartoftheoperatingsystem)
- [UserRights/AllowLocalLogOn](./policy-csp-userrights.md#userrights-allowlocallogon)
- [UserRights/BackupFilesAndDirectories](./policy-csp-userrights.md#userrights-backupfilesanddirectories)
- [UserRights/ChangeSystemTime](./policy-csp-userrights.md#userrights-changesystemtime)
- [UserRights/CreateGlobalObjects](./policy-csp-userrights.md#userrights-createglobalobjects)
- [UserRights/CreatePageFile](./policy-csp-userrights.md#userrights-createpagefile)
- [UserRights/CreatePermanentSharedObjects](./policy-csp-userrights.md#userrights-createpermanentsharedobjects)
- [UserRights/CreateSymbolicLinks](./policy-csp-userrights.md#userrights-createsymboliclinks)
- [UserRights/CreateToken](./policy-csp-userrights.md#userrights-createtoken)
- [UserRights/DebugPrograms](./policy-csp-userrights.md#userrights-debugprograms)
- [UserRights/DenyAccessFromNetwork](./policy-csp-userrights.md#userrights-denyaccessfromnetwork)
- [UserRights/DenyLocalLogOn](./policy-csp-userrights.md#userrights-denylocallogon)
- [UserRights/DenyRemoteDesktopServicesLogOn](./policy-csp-userrights.md#userrights-denyremotedesktopserviceslogon)
- [UserRights/EnableDelegation](./policy-csp-userrights.md#userrights-enabledelegation)
- [UserRights/GenerateSecurityAudits](./policy-csp-userrights.md#userrights-generatesecurityaudits)
- [UserRights/ImpersonateClient](./policy-csp-userrights.md#userrights-impersonateclient)
- [UserRights/IncreaseSchedulingPriority](./policy-csp-userrights.md#userrights-increaseschedulingpriority)
- [UserRights/LoadUnloadDeviceDrivers](./policy-csp-userrights.md#userrights-loadunloaddevicedrivers)
- [UserRights/LockMemory](./policy-csp-userrights.md#userrights-lockmemory)
- [UserRights/ManageAuditingAndSecurityLog](./policy-csp-userrights.md#userrights-manageauditingandsecuritylog)
- [UserRights/ManageVolume](./policy-csp-userrights.md#userrights-managevolume)
- [UserRights/ModifyFirmwareEnvironment](./policy-csp-userrights.md#userrights-modifyfirmwareenvironment)
- [UserRights/ModifyObjectLabel](./policy-csp-userrights.md#userrights-modifyobjectlabel)
- [UserRights/ProfileSingleProcess](./policy-csp-userrights.md#userrights-profilesingleprocess)
- [UserRights/RemoteShutdown](./policy-csp-userrights.md#userrights-remoteshutdown)
- [UserRights/RestoreFilesAndDirectories](./policy-csp-userrights.md#userrights-restorefilesanddirectories)
- [UserRights/TakeOwnership](./policy-csp-userrights.md#userrights-takeownership)
- [Wifi/AllowAutoConnectToWiFiSenseHotspots](./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
- [Wifi/AllowInternetSharing](./policy-csp-wifi.md#wifi-allowinternetsharing)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)
- [WindowsDefenderSecurityCenter/CompanyName](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-companyname)
- [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableaccountprotectionui)
- [WindowsDefenderSecurityCenter/DisableAppBrowserUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableappbrowserui)
- [WindowsDefenderSecurityCenter/DisableClearTpmButton](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablecleartpmbutton)
- [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabledevicesecurityui)
- [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disableenhancednotifications)
- [WindowsDefenderSecurityCenter/DisableFamilyUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablefamilyui)
- [WindowsDefenderSecurityCenter/DisableHealthUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablehealthui)
- [WindowsDefenderSecurityCenter/DisableNetworkUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenetworkui)
- [WindowsDefenderSecurityCenter/DisableNotifications](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablenotifications)
- [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disabletpmfirmwareupdatewarning)
- [WindowsDefenderSecurityCenter/DisableVirusUI](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disablevirusui)
- [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-disallowexploitprotectionoverride)
- [WindowsDefenderSecurityCenter/Email](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-email)
- [WindowsDefenderSecurityCenter/EnableCustomizedToasts](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enablecustomizedtoasts)
- [WindowsDefenderSecurityCenter/EnableInAppCustomization](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-enableinappcustomization)
- [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hideransomwaredatarecovery)
- [WindowsDefenderSecurityCenter/HideSecureBoot](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidesecureboot)
- [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidetpmtroubleshooting)
- [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-hidewindowssecuritynotificationareacontrol)
- [WindowsDefenderSecurityCenter/Phone](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-phone)
- [WindowsDefenderSecurityCenter/URL](./policy-csp-windowsdefendersecuritycenter.md#windowsdefendersecuritycenter-url)
- [WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace)
- [WindowsInkWorkspace/AllowWindowsInkWorkspace](./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace)
- [WindowsLogon/AllowAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](./policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
- [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
- [WindowsLogon/EnableFirstLogonAnimation](./policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)
- [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers](./policy-csp-windowslogon.md#windowslogon-enumeratelocalusersondomainjoinedcomputers)
- [WindowsLogon/HideFastUserSwitching](./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching)
- [WindowsPowerShell/TurnOnPowerShellScriptBlockLogging](./policy-csp-windowspowershell.md#windowspowershell-turnonpowershellscriptblocklogging)
- [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc)
- [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

71
windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md Normal file
View File

@ -0,0 +1,71 @@
---
title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 09/17/2019
---
# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policy-csps-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname)
- [Bluetooth/AllowAdvertising](policy-csp-bluetooth.md#bluetooth-allowadvertising)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowAutofill](policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/RequireDeferUpgrade](policy-csp-update.md#update-requiredeferupgrade)
- [Update/RequireUpdateApproval](policy-csp-update.md#update-requireupdateapproval)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

69
windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md Normal file
View File

@ -0,0 +1,69 @@
---
title: Policy CSPs supported by HoloLens (1st gen) Development Edition
description: Policy CSPs supported by HoloLens (1st gen) Development Edition
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by HoloLens (1st gen) Development Edition
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policy-csps-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Bluetooth/AllowAdvertising](policy-csp-bluetooth.md#bluetooth-allowadvertising)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/RequireUpdateApproval](policy-csp-update.md#update-requireupdateapproval)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Update/RequireDeferUpgrade](policy-csp-update.md#update-requiredeferupgrade)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

111
windows/client-management/mdm/policy-csps-supported-by-hololens2.md Normal file
View File

@ -0,0 +1,111 @@
---
title: Policy CSPs supported by HoloLens 2
description: Policy CSPs supported by HoloLens 2
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by HoloLens 2
> [!div class="op_single_selector"]
>
> - [HoloLens 2](policy-csps-supported-by-hololens2.md)
> - [HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
> - [HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
>
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [Authentication/AllowFastReconnect](policy-csp-authentication.md#authentication-allowfastreconnect)
- [Authentication/PreferredAadTenantDomainName](policy-csp-authentication.md#authentication-preferredaadtenantdomainname)
- [Bluetooth/AllowDiscoverableMode](policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode)
- [Bluetooth/LocalDeviceName](policy-csp-bluetooth.md#bluetooth-localdevicename)
- [Browser/AllowAutofill](policy-csp-browser.md#browser-allowautofill)
- [Browser/AllowCookies](policy-csp-browser.md#browser-allowcookies)
- [Browser/AllowDoNotTrack](policy-csp-browser.md#browser-allowdonottrack)
- [Browser/AllowPasswordManager](policy-csp-browser.md#browser-allowpasswordmanager)
- [Browser/AllowPopups](policy-csp-browser.md#browser-allowpopups)
- [Browser/AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar)
- [Browser/AllowSmartScreen](policy-csp-browser.md#browser-allowsmartscreen)
- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)
- [DeviceLock/AllowIdleReturnWithoutPassword](policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword)
- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration)
- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
- [Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps)
- [Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-forceallowtheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-forcedenytheseapps)
- [Privacy/LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessbackgroundspatialperception-userincontroloftheseapps)
- [Privacy/LetAppsAccessCamera_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessCamera_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessCamera_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessGazeInput](policy-csp-privacy.md#privacy-letappsaccessgazeinput) <sup>8</sup>
- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-forceallowtheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-forcedenytheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessgazeinput-userincontroloftheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessCamera](policy-csp-privacy.md#privacy-letappsaccesscamera)
- [Privacy/LetAppsAccessLocation](policy-csp-privacy.md#privacy-letappsaccesslocation)
- [Privacy/LetAppsAccessMicrophone](policy-csp-privacy.md#privacy-letappsaccessmicrophone)
- [Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
- [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
- [Update/PauseFeatureUpdates](policy-csp-update.md#update-pausefeatureupdates)
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
Footnotes:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
- 7 - Added in Windows 10, version 1909.
- 8 - Added in the next major release of Windows 10.
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

74
windows/client-management/mdm/policy-csps-supported-by-iot-core.md Normal file
View File

@ -0,0 +1,74 @@
---
title: Policy CSPs supported by Windows 10 IoT Core
description: Policy CSPs supported by Windows 10 IoT Core
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 09/16/2019
---
# Policy CSPs supported by Windows 10 IoT Core
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
> - [IoT Core](policy-csps-supported-by-iot-core.md)
>
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [CredentialProviders/AllowPINLogon](policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
- [CredentialProviders/BlockPicturePassword](policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
- [DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md#dataprotection-allowdirectmemoryaccess)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Wifi/AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots)
- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
- [Wifi/WLANScanMode](policy-csp-wifi.md#wifi-wlanscanmode)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

69
windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md Normal file
View File

@ -0,0 +1,69 @@
---
title: Policy CSPs supported by Windows 10 IoT Enterprise
description: Policy CSPs supported by Windows 10 IoT Enterprise
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by Windows 10 IoT Enterprise
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
> - [IoT Core](policy-csps-supported-by-iot-core.md)
>
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

79
windows/client-management/mdm/policy-csps-supported-by-surface-hub.md Normal file
View File

@ -0,0 +1,79 @@
---
title: Policy CSPs supported by Microsoft Surface Hub
description: Policy CSPs supported by Microsoft Surface Hub
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by Microsoft Surface Hub
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#cryptography-tlsciphersuites)
- [Defender/AllowArchiveScanning](policy-csp-defender.md#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](policy-csp-defender.md#defender-allowcloudprotection)
- [Defender/AllowEmailScanning](policy-csp-defender.md#defender-allowemailscanning)
- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
- [Defender/AllowIntrusionPreventionSystem](policy-csp-defender.md#defender-allowintrusionpreventionsystem)
- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
- [Defender/AllowScriptScanning](policy-csp-defender.md#defender-allowscriptscanning)
- [Defender/AllowUserUIAccess](policy-csp-defender.md#defender-allowuseruiaccess)
- [Defender/AvgCPULoadFactor](policy-csp-defender.md#defender-avgcpuloadfactor)
- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#defender-daystoretaincleanedmalware)
- [Defender/ExcludedExtensions](policy-csp-defender.md#defender-excludedextensions)
- [Defender/ExcludedPaths](policy-csp-defender.md#defender-excludedpaths)
- [Defender/ExcludedProcesses](policy-csp-defender.md#defender-excludedprocesses)
- [Defender/PUAProtection](policy-csp-defender.md#defender-puaprotection)
- [Defender/RealTimeScanDirection](policy-csp-defender.md#defender-realtimescandirection)
- [Defender/ScanParameter](policy-csp-defender.md#defender-scanparameter)
- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#defender-schedulequickscantime)
- [Defender/ScheduleScanDay](policy-csp-defender.md#defender-schedulescanday)
- [Defender/ScheduleScanTime](policy-csp-defender.md#defender-schedulescantime)
- [Defender/SignatureUpdateInterval](policy-csp-defender.md#defender-signatureupdateinterval)
- [Defender/SubmitSamplesConsent](policy-csp-defender.md#defender-submitsamplesconsent)
- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#defender-threatseveritydefaultaction)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [TextInput/AllowIMELogging](policy-csp-textinput.md#textinput-allowimelogging)
- [TextInput/AllowIMENetworkAccess](policy-csp-textinput.md#textinput-allowimenetworkaccess)
- [TextInput/AllowInputPanel](policy-csp-textinput.md#textinput-allowinputpanel)
- [TextInput/AllowJapaneseIMESurrogatePairCharacters](policy-csp-textinput.md#textinput-allowjapaneseimesurrogatepaircharacters)
- [TextInput/AllowJapaneseIVSCharacters](policy-csp-textinput.md#textinput-allowjapaneseivscharacters)
- [TextInput/AllowJapaneseNonPublishingStandardGlyph](policy-csp-textinput.md#textinput-allowjapanesenonpublishingstandardglyph)
- [TextInput/AllowJapaneseUserDictionary](policy-csp-textinput.md#textinput-allowjapaneseuserdictionary)
- [TextInput/AllowLanguageFeaturesUninstall](policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

9
windows/client-management/mdm/policies-that-can-be-set-using-eas.md → windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md
View File

@ -1,6 +1,6 @@
---
title: Policies that can be set using Exchange Active Sync (EAS)
description: Policies that can be set using Exchange Active Sync (EAS)
title: Policy CSPs that can be set using Exchange Active Sync (EAS)
description: Policy CSPs that can be set using Exchange Active Sync (EAS)
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies that can be set using Exchange Active Sync (EAS)
# Policy CSPs that can be set using Exchange Active Sync (EAS)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
@ -36,4 +36,5 @@ ms.date: 07/18/2019
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)
[Policy CSP](policy-configuration-service-provider.md)

2
windows/client-management/mdm/storage-ddf-file.md
View File

@ -1,6 +1,6 @@
---
title: Storage DDF file
description: Storage DDF file
description: See how storage configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: 247062A3-4DFB-4B14-A3D1-68D02C27703C
ms.reviewer:
manager: dansimp

4
windows/client-management/mdm/wifi-csp.md
View File

@ -1,6 +1,6 @@
---
title: WiFi CSP
description: WiFi CSP
description: The WiFi configuration service provider provides the functionality to add or delete Wi-Fi networks on a Windows device.
ms.assetid: f927cb5f-9555-4029-838b-03fb68937f06
ms.reviewer:
manager: dansimp
@ -102,7 +102,7 @@ Added in Windows 10, version 1607. Optional. When set to true it enables Web Pr
Value type is bool.
<a href="" id="wificost"></a>**WiFiCost**
Added in Windows 10, version 1809. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behaviour: Unrestricted.
Added in Windows 10, version 1809. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behavior: Unrestricted.
Supported values:

2
windows/client-management/mdm/wmi-providers-supported-in-windows.md
View File

@ -1,6 +1,6 @@
---
title: WMI providers supported in Windows 10
description: WMI providers supported in Windows 10
description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
MS-HAID:
- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'

2
windows/configuration/index.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows 10 (Windows 10)
description: Learn about configuring Windows 10.
description: Apply custom accessibility configurations to devices for their users using the all the features and methods available with Windows 10.
keywords: Windows 10, MDM, WSUS, Windows update
ms.prod: w10
ms.mktglfcycl: manage

8
windows/configuration/stop-employees-from-using-microsoft-store.md
View File

@ -78,14 +78,14 @@ You can also use Group Policy to manage access to Microsoft Store.
1. Type gpedit in the search bar to find and start Group Policy Editor.
2. In the console tree of the snap-in, click **Computer Configuration**, click **Administrative Templates** , click **Windows Components**, and then click **Store**.
2. In the console tree of the snap-in, click **Computer Configuration**, click **Administrative Templates**, click **Windows Components**, and then click **Store**.
3. In the Setting pane, click **Turn off Store application**, and then click **Edit policy setting**.
3. In the Setting pane, click **Turn off the Store application**, and then click **Edit policy setting**.
4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
4. On the **Turn off the Store application** setting page, click **Enabled**, and then click **OK**.
> [!Important]
> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
> Enabling **Turn off the Store application** policy turns off app updates from Microsoft Store.
## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool

3
windows/deployment/add-store-apps-to-image.md
View File

@ -30,8 +30,7 @@ This topic describes the correct way to add Microsoft Store for Business applica
* [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) for the tools required to mount and edit Windows images.
* Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](/store-for-business/distribute-offline-apps#download-an-offline-licensed-app).
deploy-windows-cm
* Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app).
* A Windows Image. For instructions on image creation, see [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md).
>[!NOTE]

4
windows/deployment/index.yml
View File

@ -65,7 +65,7 @@ sections:
<tr><td>[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) </td><td>This topic provides information about support for upgrading from one edition of Windows 10 to another. </td>
<tr><td>[Windows 10 volume license media](windows-10-media.md) </td><td>This topic provides information about media available in the Microsoft Volume Licensing Service Center. </td>
<tr><td>[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) </td><td>With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.</td>
<tr><td>[Windows 10 deployment test lab](windows-10-poc.md) </td><td>This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). </td>
<tr><td>[Windows 10 deployment test lab](windows-10-poc.md) </td><td>This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md). </td>
<tr><td>[Plan for Windows 10 deployment](planning/index.md) </td><td>This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. </td>
<tr><td>[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) </td><td>This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). </td>
<tr><td>[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-cm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) </td><td>If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. </td>
@ -89,7 +89,7 @@ sections:
<tr><td>[Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) </td><td>Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile.</td>
<tr><td>[Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md) </td><td>Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.</td>
<tr><td>[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md) </td><td>Explains how to use WSUS to manage Windows 10 updates.</td>
<tr><td>[Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md) </td><td>Explains how to use Configuration Manager to manage Windows 10 updates.</td>
<tr><td>[Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md) </td><td>Explains how to use Configuration Manager to manage Windows 10 updates.</td>
<tr><td>[Manage device restarts after updates](update/waas-restart.md) </td><td>Explains how to manage update related device restarts.</td>
<tr><td>[Manage additional Windows Update settings](update/waas-wu-settings.md) </td><td>Provides details about settings available to control and configure Windows Update.</td>
<tr><td>[Windows Insider Program for Business](update/waas-windows-insider-for-business.md) </td><td>Explains how the Windows Insider Program for Business works and how to become an insider.</td>

2
windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
View File

@ -1,6 +1,6 @@
---
title: Prepare your organization for Windows To Go (Windows 10)
description: Prepare your organization for Windows To Go
description: Though Windows To Go is no longer being developed, you can find info here about the the “what”, “why”, and “when” of deployment.
ms.assetid: f3f3c160-90ad-40a8-aeba-2aedee18f7ff
ms.reviewer:
manager: laurawi

107
windows/deployment/planning/windows-10-fall-creators-removed-features.md
View File

@ -1,107 +0,0 @@
---
title: Windows 10 Fall Creators Update - Features removed or planned for removal
description: Which features were removed in Windows 10 Fall Creators Update (version 1709)? Which features are we thinking of removing in the future?
ms.prod: w10
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 10/09/2017
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.topic: article
---
# Features removed or planned for replacement starting with Windows 10 Fall Creators Update (version 1709)
> Applies to: Windows 10, version 1709
Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Read on for details about the features and functionalities that we removed in Windows 10 Fall Creators Update (version 1709). This list also includes information about features and functionality that we're considering removing in a future release of Windows 10. This list is intended to make you aware of current and future changes and inform your planning. **The list is subject to change and might not include every affected feature or functionality.**
## Features removed from Windows 10 Fall Creators Update
We've removed the following features and functionalities from the installed product image in Windows 10, version 1709. Applications, code, or usage that depend on these features won't function in this release unless you employ an alternate method.
### 3D Builder
No longer installed by default, [3D Builder](https://www.microsoft.com/store/p/3d-builder/9wzdncrfj3t6) is still available for download from the Microsoft Store. You can also consider using Print 3D and Paint 3D in its place.
### APN database (Apndatabase.xml)
Replaced by the Country and Operator Settings Asset (COSA) database. For more information, see the following Hardware Dev Center articles:
- [Planning your COSA/APN database submission](/windows-hardware/drivers/mobilebroadband/planning-your-apn-database-submission)
- [COSA FAQ](/windows-hardware/drivers/mobilebroadband/cosa---faq)
### Enhanced Mitigation Experience Toolkit (EMET)
Removed from the image, and you're blocked from using it. Consider using the [Exploit Protection feature](/windows/threat-protection/windows-defender-exploit-guard/exploit-protection) as a replacement. See the [Announcing Windows 10 Insider Preview Build 16232 for PC + Build 15228 for Mobile](https://blogs.windows.com/windowsexperience/2017/06/28/announcing-windows-10-insider-preview-build-16232-pc-build-15228-mobile/) for details.
### Outlook Express
Removed this non-functional code.
### Reader app
Integrated the Reader functionality into Microsoft Edge.
### Reading list
Integrated the Reading list functionality into Microsoft Edge.
### Resilient File System (ReFS)
We changed the way that ReFS works, based on the edition of Windows 10 you have. We didn't **remove** ReFS, but how you can use ReFS depends on your edition.
If you have Windows 10 Enterprise or Windows 10 Pro for Workstations: You can create, read, and write volumes.
If you have any other edition of Windows 10: You can read and write volumes, but you can't create volumes. If you need to create volumes, upgrade to the Enterprise or Pro for Workstations edition.
### Syskey.exe
Removed this security feature. Instead, we recommend using [BitLocker](/device-security/bitlocker/bitlocker-overview). For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window).
### TCP Offload Engine
Removed this code. The TCP Offload Engine functionality is now available in the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features (KB4014193)?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193/)
### TPM Owner Password Management
Removed this code.
## Features being considered for replacement starting after Windows Fall Creators Update
We are considering removing the following features and functionalities from the installed product image, starting with releases after Windows 10, version 1709. Eventually, we might completely remove them and replace them with other features or functionality (or, in some instances, make them available from different sources). These features and functionalities are *still available* in this release, but **you should begin planning now to either use alternate methods or to replace any applications, code, or usage that depend on these features.**
If you have feedback to share about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
### IIS 6 Management Compatibility
We're considering replacing the following specific DISM features:
- IIS 6 Metabase Compatibility (Web-Metabase)
- IIS 6 Management Console (Web-Lgcy-Mgmt-Console)
- IIS 6 Scripting Tools (Web-Lgcy-Scripting)
- IIS 6 WMI Compatibility (Web-WMI)
Instead of IIS 6 Metabase Compatibility (which acts as an emulation layer between IIS 6-based metabase scripts and the file-based configuration used by IIS 7 or newer versions) you should start migrating management scripts to target IIS file-based configuration directly, by using tools such as the Microsoft.Web.Administration namespace.
You should also start migration from IIS 6.0 or earlier versions, and move to the [latest version of IIS](/iis/get-started/whats-new-in-iis-10/new-features-introduced-in-iis-10).
### IIS Digest Authentication
We're considering removing the IIS Digest Authentication method. Instead, you should start using other authentication methods, such as [Client Certificate Mapping](/iis/manage/configuring-security/configuring-one-to-one-client-certificate-mappings) or [Windows Authentication](/iis/configuration/system.webServer/security/authentication/windowsAuthentication/).
### Microsoft Paint
We're considering removing MS Paint from the basic installed product image - that means it won't be installed by default. **You'll still be able to get the app separately from the [Microsoft Store](https://www.microsoft.com/store/b/home) for free.** Alternately, you can get [Paint 3D](https://www.microsoft.com/store/p/paint-3d/9nblggh5fv99) and [3D Builder](https://www.microsoft.com/store/p/3d-builder/9wzdncrfj3t6) from the Microsoft Store today; both of these offer the same functionality as Microsoft Paint, plus additional features.
### RSA/AES Encryption for IIS
We're considering removing RSA/AES encryption because the superior [Cryptography API: Next Generation (CNG)](https://msdn.microsoft.com/library/windows/desktop/bb931354(v=vs.85).aspx) method is already available.
### Sync your settings
We're considering making changes to the back-end storage that will affect the sync process: [Enterprise State Roaming](/azure/active-directory/active-directory-windows-enterprise-state-roaming-overview) and all other users will use a single cloud storage system. Both the "Sync your settings" options and the Enterprise State Roaming feature will continue to work.

2
windows/deployment/planning/windows-to-go-frequently-asked-questions.md
View File

@ -1,6 +1,6 @@
---
title: Windows To Go frequently asked questions (Windows 10)
description: Windows To Go frequently asked questions
description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature.
ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e
ms.reviewer:
manager: laurawi

2
windows/deployment/update/update-compliance-feature-update-status.md
View File

@ -2,7 +2,7 @@
title: Update Compliance - Feature Update Status report
ms.reviewer:
manager: laurawi
description: an overview of the Feature Update Status report
description: Find the latest status of feature updates with an overview of the Feature Update Status report.
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy

2
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows Update for Business via Group Policy (Windows 10)
description: Walkthrough demonstrating how to configure Windows Update for Business settings, using Group Policy.
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo

2
windows/deployment/upgrade/setupdiag.md
View File

@ -3,7 +3,7 @@ title: SetupDiag
ms.reviewer:
manager: laurawi
ms.author: greglin
description: How to use the SetupDiag tool to diagnose Windows Setup errors
description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors.
keywords: deploy, troubleshoot, windows, 10, upgrade, update, setup, diagnose
ms.prod: w10
ms.mktglfcycl: deploy

153
windows/deployment/upgrade/submit-errors.md
View File

@ -1,76 +1,77 @@
---
title: Submit Windows 10 upgrade errors using Feedback Hub
ms.reviewer:
manager: laurawi
ms.author: greglin
description: Submit Windows 10 upgrade errors for diagnosis using feedback hub
keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, feedback
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
# Submit Windows 10 upgrade errors using Feedback Hub
**Applies to**
- Windows 10
>[!NOTE]
>This is a 100 level topic (basic).<br>
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
## In this topic
This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
## About the Feedback Hub
The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically.
## Submit feedback
To submit feedback about a failed Windows 10 upgrade, click the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md) 
The Feedback Hub will open.
- Under **Tell us about it**, and then under **Summarize your issue**, type **Upgrade failing**.
- Under **Give us more detail**, provide additional information about the failed upgrade, such as:
- When did the failure occur?
- Were there any reboots?
- How many times did the system reboot?
- How did the upgrade fail?
- Were any error codes visible?
- Did the computer fail to a blue screen?
- Did the computer automatically roll back or did it hang, requiring you to power cycle it before it rolled back?
- Additional details
- What type of security software is installed?
- Is the computer up to date with latest drivers and firmware?
- Are there any external devices connected?
- If you used the link above, the category and subcategory will be automatically selected. If it is not selected, choose **Install and Update** and **Windows Installation**.
You can attach a screenshot or file if desired. This is optional, but can be extremely helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
Click **Submit** to send your feedback.
See the following example:
![feedback example](../images/feedback.png)
After you click Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. You can check on your feedback periodically to see what solutions have been provided.
## Link to your feedback
After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
![share](../images/share.jpg)
## Related topics
[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)
---
title: Submit Windows 10 upgrade errors using Feedback Hub
ms.reviewer:
manager: laurawi
ms.author: greglin
description: Download the Feedback Hub app, and then submit Windows 10 upgrade errors for diagnosis using feedback hub.
keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, feedback
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
# Submit Windows 10 upgrade errors using Feedback Hub
**Applies to**
- Windows 10
>[!NOTE]
>This is a 100 level topic (basic).<br>
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
## In this topic
This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
## About the Feedback Hub
The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically.
## Submit feedback
To submit feedback about a failed Windows 10 upgrade, click the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md) 
The Feedback Hub will open.
- Under **Tell us about it**, and then under **Summarize your issue**, type **Upgrade failing**.
- Under **Give us more detail**, provide additional information about the failed upgrade, such as:
- When did the failure occur?
- Were there any reboots?
- How many times did the system reboot?
- How did the upgrade fail?
- Were any error codes visible?
- Did the computer fail to a blue screen?
- Did the computer automatically roll back or did it hang, requiring you to power cycle it before it rolled back?
- Additional details
- What type of security software is installed?
- Is the computer up to date with latest drivers and firmware?
- Are there any external devices connected?
- If you used the link above, the category and subcategory will be automatically selected. If it is not selected, choose **Install and Update** and **Windows Installation**.
You can attach a screenshot or file if desired. This is optional, but can be extremely helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs).
Click **Submit** to send your feedback.
See the following example:
![feedback example](../images/feedback.png)
After you click Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. You can check on your feedback periodically to see what solutions have been provided.
## Link to your feedback
After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
![share](../images/share.jpg)
## Related topics
[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)

2
windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
View File

@ -1,6 +1,6 @@
---
title: User State Migration Tool (USMT) - Getting Started (Windows 10)
description: Getting Started with the User State Migration Tool (USMT)
description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT).
ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b
ms.reviewer:
manager: laurawi

2
windows/deployment/usmt/understanding-migration-xml-files.md
View File

@ -1,6 +1,6 @@
---
title: Understanding Migration XML Files (Windows 10)
description: Understanding Migration XML Files
description: Modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files.
ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7
ms.reviewer:
manager: laurawi

279
windows/deployment/usmt/usmt-estimate-migration-store-size.md
View File

@ -1,139 +1,140 @@
---
title: Estimate Migration Store Size (Windows 10)
description: Estimate Migration Store Size
ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Estimate Migration Store Size
The disk space requirements for a migration are dependent on the size of the migration store and the type of migration. You can estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure. You can also calculate the disk space requirements using the ScanState tool.
## In This Topic
- [Hard Disk Space Requirements](#bkmk-spacereqs). Describes the disk space requirements for the migration store and other considerations on the source and destination computers.
- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how big the migration store will be on a particular computer.
- [Estimate Migration Store Size](#bkmk-estmigstoresize). Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure.
## <a href="" id="bkmk-spacereqs"></a>Hard Disk Space Requirements
- **Store.** For non-hard-link migrations, you should ensure that there is enough available disk space at the location where you will save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
- **Source Computer.** The source computer needs enough available space for the following:
- [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available.
- [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool.
- [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated.
- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following:
- [Operating system.](#bkmk-estmigstoresize)
- [Applications.](#bkmk-estmigstoresize)
- [Data being migrated.](#bkmk-estmigstoresize) It is important to consider that in addition to the files being migrated, registry information will also require hard disk space for storage.
- [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool.
## <a href="" id="bkmk-calcdiskspace"></a>Calculate Disk Space Requirements using the ScanState Tool
You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day to day use so it is recommended that you use the calculations as an estimate when planning your migration.
**To run the ScanState tool on the source computer with USMT installed,**
1. Open a command prompt with administrator privileges.
2. Navigate to the USMT tools. For example, type
``` syntax
cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\User State Migration Tool\<architecture>"
```
Where *&lt;architecture&gt;* is x86 or amd64.
3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type
``` syntax
ScanState.exe <StorePath> /p:<path to a file>
```
Where *&lt;StorePath&gt;* is a path to a directory where the migration store will be saved and *&lt;path to a file&gt;* is the path and filename where the XML report for space requirements will be saved. For example,
``` syntax
ScanState.exe c:\store /p:c:\spaceRequirements.xml
```
The migration store will not be created by running this command, but `StorePath` is a required parameter.
The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md).
**Note**  
To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *&lt;path to a file&gt;* is still available in USMT.
The space requirements report provides two elements, &lt;**storeSize**&gt; and &lt;**temporarySpace**&gt;. The &lt;**temporarySpace**&gt; value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The &lt;**storeSize**&gt; value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***&lt;path to a file&gt;*.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<PreMigration>
<storeSize>
<size clusterSize="4096">11010592768</size>
</storeSize>
<temporarySpace>
<size>58189144</size>
</temporarySpace>
</PreMigration>
```
Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and will not create a store if the compliance check fails.
## <a href="" id="bkmk-estmigstoresize"></a>Estimate Migration Store Size
Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate these is to survey several computers to arrive at an average for the size of the store that you will need.
The amount of space that is required in the store will vary, depending on the local storage strategies your organization uses. For example, one key element that determines the size of migration data sets is e-mail storage. If e-mail is stored centrally, data sets will be smaller. If e-mail is stored locally, such as offline-storage files, data sets will be larger. Mobile users will typically have larger data sets than workstation users. You should perform tests and inventory the network to determine the average data set size in your organization.
**Note**  
You can create a space-estimate file (Usmtsize.txt), by using the legacy **/p** command-line option to estimate the size of the store.
When trying to determine how much disk space you will need, consider the following issues:
- **E-mail** : If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server.
- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You do not need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration.
- **User system settings** Five megabytes is usually adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB.
## Related topics
[Common Migration Scenarios](usmt-common-migration-scenarios.md)
---
title: Estimate Migration Store Size (Windows 10)
description: Estimate the disk space requirement for a migration so that you can use User State Migration Tool (USMT).
ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Estimate Migration Store Size
The disk space requirements for a migration are dependent on the size of the migration store and the type of migration. You can estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure. You can also calculate the disk space requirements using the ScanState tool.
## In This Topic
- [Hard Disk Space Requirements](#bkmk-spacereqs). Describes the disk space requirements for the migration store and other considerations on the source and destination computers.
- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how big the migration store will be on a particular computer.
- [Estimate Migration Store Size](#bkmk-estmigstoresize). Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure.
## <a href="" id="bkmk-spacereqs"></a>Hard Disk Space Requirements
- **Store.** For non-hard-link migrations, you should ensure that there is enough available disk space at the location where you will save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
- **Source Computer.** The source computer needs enough available space for the following:
- [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available.
- [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool.
- [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated.
- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following:
- [Operating system.](#bkmk-estmigstoresize)
- [Applications.](#bkmk-estmigstoresize)
- [Data being migrated.](#bkmk-estmigstoresize) It is important to consider that in addition to the files being migrated, registry information will also require hard disk space for storage.
- [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool.
## <a href="" id="bkmk-calcdiskspace"></a>Calculate Disk Space Requirements using the ScanState Tool
You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day to day use so it is recommended that you use the calculations as an estimate when planning your migration.
**To run the ScanState tool on the source computer with USMT installed,**
1. Open a command prompt with administrator privileges.
2. Navigate to the USMT tools. For example, type
``` syntax
cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\User State Migration Tool\<architecture>"
```
Where *&lt;architecture&gt;* is x86 or amd64.
3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type
``` syntax
ScanState.exe <StorePath> /p:<path to a file>
```
Where *&lt;StorePath&gt;* is a path to a directory where the migration store will be saved and *&lt;path to a file&gt;* is the path and filename where the XML report for space requirements will be saved. For example,
``` syntax
ScanState.exe c:\store /p:c:\spaceRequirements.xml
```
The migration store will not be created by running this command, but `StorePath` is a required parameter.
The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md).
**Note**  
To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *&lt;path to a file&gt;* is still available in USMT.
The space requirements report provides two elements, &lt;**storeSize**&gt; and &lt;**temporarySpace**&gt;. The &lt;**temporarySpace**&gt; value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The &lt;**storeSize**&gt; value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***&lt;path to a file&gt;*.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<PreMigration>
<storeSize>
<size clusterSize="4096">11010592768</size>
</storeSize>
<temporarySpace>
<size>58189144</size>
</temporarySpace>
</PreMigration>
```
Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and will not create a store if the compliance check fails.
## <a href="" id="bkmk-estmigstoresize"></a>Estimate Migration Store Size
Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate these is to survey several computers to arrive at an average for the size of the store that you will need.
The amount of space that is required in the store will vary, depending on the local storage strategies your organization uses. For example, one key element that determines the size of migration data sets is e-mail storage. If e-mail is stored centrally, data sets will be smaller. If e-mail is stored locally, such as offline-storage files, data sets will be larger. Mobile users will typically have larger data sets than workstation users. You should perform tests and inventory the network to determine the average data set size in your organization.
**Note**  
You can create a space-estimate file (Usmtsize.txt), by using the legacy **/p** command-line option to estimate the size of the store.
When trying to determine how much disk space you will need, consider the following issues:
- **E-mail** : If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server.
- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You do not need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration.
- **User system settings** Five megabytes is usually adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB.
## Related topics
[Common Migration Scenarios](usmt-common-migration-scenarios.md)

2
windows/deployment/usmt/usmt-hard-link-migration-store.md
View File

@ -1,6 +1,6 @@
---
title: Hard-Link Migration Store (Windows 10)
description: Hard-Link Migration Store
description: Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization.
ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574
ms.reviewer:
manager: laurawi

125
windows/deployment/usmt/usmt-identify-application-settings.md
View File

@ -1,62 +1,63 @@
---
title: Identify Applications Settings (Windows 10)
description: Identify Applications Settings
ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Identify Applications Settings
When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML Files](usmt-customize-xml-files.md).
## Applications
First, create and prioritize a list of applications that to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, the applications are prioritized based on a combination of how widely the application is used and how complex the application is.
Next, identify an application owner to be in charge of each application. This is necessary because the developers will not be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application.
## Application Settings
Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you are testing the new applications for compatibility with the new operating system.
After completing the list of applications to be migrated, review the list and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully:
- Is the destination version of the application newer than the source version?
- Do these settings work with the new version?
- Do the settings need to be moved or altered?
- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application?
After answering these questions, create a custom .xml file to migrate settings. Work with the application owner to develop test cases and to determine the file types that need to be migrated for the application.
## Locating Where Settings Are Stored
See [Migrate Application Settings](migrate-application-settings.md) and follow the directions.
## Related topics
[Determine What to Migrate](usmt-determine-what-to-migrate.md)
 
 
---
title: Identify Applications Settings (Windows 10)
description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT).
ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Identify Applications Settings
When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML Files](usmt-customize-xml-files.md).
## Applications
First, create and prioritize a list of applications that to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, the applications are prioritized based on a combination of how widely the application is used and how complex the application is.
Next, identify an application owner to be in charge of each application. This is necessary because the developers will not be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application.
## Application Settings
Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you are testing the new applications for compatibility with the new operating system.
After completing the list of applications to be migrated, review the list and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully:
- Is the destination version of the application newer than the source version?
- Do these settings work with the new version?
- Do the settings need to be moved or altered?
- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application?
After answering these questions, create a custom .xml file to migrate settings. Work with the application owner to develop test cases and to determine the file types that need to be migrated for the application.
## Locating Where Settings Are Stored
See [Migrate Application Settings](migrate-application-settings.md) and follow the directions.
## Related topics
[Determine What to Migrate](usmt-determine-what-to-migrate.md)
 
 

121
windows/deployment/usmt/usmt-identify-operating-system-settings.md
View File

@ -1,60 +1,61 @@
---
title: Identify Operating System Settings (Windows 10)
description: Identify Operating System Settings
ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Identify Operating System Settings
When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following:
- **Apperance.**
This includes items such as wallpaper, colors, sounds, and the location of the taskbar.
- **Action.**
This includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it.
- **Internet.**
These are the settings that let you connect to the Internet and control how your browser operates. This includes items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings.
- **Mail.**
This includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts.
To help you decide which settings to migrate, you should consider any previous migration experiences as well as the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of.
You should migrate any settings that users need to get their jobs done, those that make the work environment comfortable, and those that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider that users can spend a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process.
**Note**  
For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md).
For information about the operating-system settings that USMT migrates, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
## Related topics
[Determine What to Migrate](usmt-determine-what-to-migrate.md)
---
title: Identify Operating System Settings (Windows 10)
description: Identify which system settings you want to migrate, then use the User State Migration Tool (USMT) to select settings and keep the default values for all others.
ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Identify Operating System Settings
When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following:
- **Apperance.**
This includes items such as wallpaper, colors, sounds, and the location of the taskbar.
- **Action.**
This includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it.
- **Internet.**
These are the settings that let you connect to the Internet and control how your browser operates. This includes items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings.
- **Mail.**
This includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts.
To help you decide which settings to migrate, you should consider any previous migration experiences as well as the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of.
You should migrate any settings that users need to get their jobs done, those that make the work environment comfortable, and those that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider that users can spend a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process.
**Note**  
For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md).
For information about the operating-system settings that USMT migrates, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
## Related topics
[Determine What to Migrate](usmt-determine-what-to-migrate.md)

2
windows/deployment/usmt/usmt-include-files-and-settings.md
View File

@ -1,6 +1,6 @@
---
title: Include Files and Settings (Windows 10)
description: Include Files and Settings
description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified.
ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8
ms.reviewer:
manager: laurawi

153
windows/deployment/usmt/usmt-migration-store-encryption.md
View File

@ -1,76 +1,77 @@
---
title: Migration Store Encryption (Windows 10)
description: Migration Store Encryption
ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Migration Store Encryption
This topic discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration.
## USMT Encryption Options
USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data.
The encryption algorithm you choose must be specified for both the **ScanState** and the **LoadState** commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the **ScanState** and the **LoadState** command lines by using the **/encrypt**:*"encryptionstrength"* and the **/decrypt**:*"encryptionstrength"* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the Usmtutils.exe file to determine which encryption algorithms are available to the computers' locales before you begin the migration.
The following table describes the command-line encryption options in USMT.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Component</th>
<th align="left">Option</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><strong>ScanState</strong></p></td>
<td align="left"><p><strong>/encrypt</strong><em>&lt;AES, AES_128, AES_192, AES_256, 3DES, 3DES_112&gt;</em></p></td>
<td align="left"><p>This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the <strong>ScanState</strong> tool employs the 3DES algorithm.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>LoadState</strong></p></td>
<td align="left"><p><strong>/decrypt</strong><em>&lt;AES, AES_128, AES_192, AES_256, 3DES, 3DES_112&gt;</em></p></td>
<td align="left"><p>This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the <strong>LoadState</strong> tool employs the 3DES algorithm.</p></td>
</tr>
</tbody>
</table>
**Important**  
Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md)
## Related topics
[Plan Your Migration](usmt-plan-your-migration.md)
---
title: Migration Store Encryption (Windows 10)
description:  Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES).
ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Migration Store Encryption
This topic discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration.
## USMT Encryption Options
USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data.
The encryption algorithm you choose must be specified for both the **ScanState** and the **LoadState** commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the **ScanState** and the **LoadState** command lines by using the **/encrypt**:*"encryptionstrength"* and the **/decrypt**:*"encryptionstrength"* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the Usmtutils.exe file to determine which encryption algorithms are available to the computers' locales before you begin the migration.
The following table describes the command-line encryption options in USMT.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Component</th>
<th align="left">Option</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><strong>ScanState</strong></p></td>
<td align="left"><p><strong>/encrypt</strong><em>&lt;AES, AES_128, AES_192, AES_256, 3DES, 3DES_112&gt;</em></p></td>
<td align="left"><p>This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the <strong>ScanState</strong> tool employs the 3DES algorithm.</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>LoadState</strong></p></td>
<td align="left"><p><strong>/decrypt</strong><em>&lt;AES, AES_128, AES_192, AES_256, 3DES, 3DES_112&gt;</em></p></td>
<td align="left"><p>This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the <strong>LoadState</strong> tool employs the 3DES algorithm.</p></td>
</tr>
</tbody>
</table>
**Important**  
Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md)
## Related topics
[Plan Your Migration](usmt-plan-your-migration.md)

323
windows/deployment/usmt/usmt-requirements.md
View File

@ -1,161 +1,162 @@
---
title: USMT Requirements (Windows 10)
description: USMT Requirements
ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 05/03/2017
ms.topic: article
---
# USMT Requirements
## In This Topic
- [Supported Operating Systems](#bkmk-1)
- [Windows PE](#windows-pe)
- [Credentials](#credentials)
- [Config.xml](#configxml)
- [LoadState](#loadstate)
- [Hard Disk Requirements](#bkmk-3)
- [User Prerequisites](#bkmk-userprereqs)
## <a href="" id="bkmk-1"></a>Supported Operating Systems
The User State Migration Tool (USMT) 10.0 does not have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings.
The following table lists the operating systems supported in USMT.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating Systems</th>
<th align="left">ScanState (source computer)</th>
<th align="left">LoadState (destination computer)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 7</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 7</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 8</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 8</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 10</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 10</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
</tbody>
</table>
**Note**  
You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system.
USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7.
USMT for Windows 10 should not be used for migrating from Windows 7 to Windows 8.1. It is meant to migrate to Windows 10.
For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 Users Guide](https://go.microsoft.com/fwlink/p/?LinkId=246564). 
## Windows PE
- **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](https://msdn.microsoft.com/library/windows/hardware/dn938350.aspx).
## Credentials
- **Run as administrator**
When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration.
To open an elevated command prompt:
1. Click **Start**.
2. Enter **cmd** in the search function.
3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed.
3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**.
4. If the current user is not already an administrator, you will be prompted to enter administrator credentials.
**Important**<BR>
You must run USMT using an account with full administrative permissions, including the following privileges:
- SeBackupPrivilege (Back up files and directories)
- SeDebugPrivilege (Debug programs)
- SeRestorePrivilege (Restore files and directories)
- SeSecurityPrivilege (Manage auditing and security log)
- SeTakeOwnership Privilege (Take ownership of files or other objects)
## Config.xml
- **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.**<BR>
USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
## LoadState
- **Install applications before running the LoadState command.**<BR>
Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
## <a href="" id="bkmk-3"></a>Hard-Disk Requirements
Ensure that there is enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).
## <a href="" id="bkmk-userprereqs"></a>User Prerequisites
This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following:
- The navigation and hierarchy of the Windows registry.
- The files and file types that applications use.
- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors.
- XML-authoring basics.
## Related topics
[Plan Your Migration](usmt-plan-your-migration.md)<BR>
[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)<BR>
[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)<BR>
---
title: USMT Requirements (Windows 10)
description: While the User State Migration Tool (USMT) doesn't have many requirements, these tips and tricks can help smooth the migration process.
ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 05/03/2017
ms.topic: article
---
# USMT Requirements
## In This Topic
- [Supported Operating Systems](#bkmk-1)
- [Windows PE](#windows-pe)
- [Credentials](#credentials)
- [Config.xml](#configxml)
- [LoadState](#loadstate)
- [Hard Disk Requirements](#bkmk-3)
- [User Prerequisites](#bkmk-userprereqs)
## <a href="" id="bkmk-1"></a>Supported Operating Systems
The User State Migration Tool (USMT) 10.0 does not have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings.
The following table lists the operating systems supported in USMT.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating Systems</th>
<th align="left">ScanState (source computer)</th>
<th align="left">LoadState (destination computer)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 7</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 7</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 8</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 8</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="odd">
<td align="left"><p>32-bit versions of Windows 10</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>64-bit versions of Windows 10</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
</tbody>
</table>
**Note**  
You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system.
USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7.
USMT for Windows 10 should not be used for migrating from Windows 7 to Windows 8.1. It is meant to migrate to Windows 10.
For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 Users Guide](https://go.microsoft.com/fwlink/p/?LinkId=246564). 
## Windows PE
- **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](https://msdn.microsoft.com/library/windows/hardware/dn938350.aspx).
## Credentials
- **Run as administrator**
When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration.
To open an elevated command prompt:
1. Click **Start**.
2. Enter **cmd** in the search function.
3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed.
3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**.
4. If the current user is not already an administrator, you will be prompted to enter administrator credentials.
**Important**<BR>
You must run USMT using an account with full administrative permissions, including the following privileges:
- SeBackupPrivilege (Back up files and directories)
- SeDebugPrivilege (Debug programs)
- SeRestorePrivilege (Restore files and directories)
- SeSecurityPrivilege (Manage auditing and security log)
- SeTakeOwnership Privilege (Take ownership of files or other objects)
## Config.xml
- **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.**<BR>
USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
## LoadState
- **Install applications before running the LoadState command.**<BR>
Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
## <a href="" id="bkmk-3"></a>Hard-Disk Requirements
Ensure that there is enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).
## <a href="" id="bkmk-userprereqs"></a>User Prerequisites
This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following:
- The navigation and hierarchy of the Windows registry.
- The files and file types that applications use.
- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors.
- XML-authoring basics.
## Related topics
[Plan Your Migration](usmt-plan-your-migration.md)<BR>
[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)<BR>
[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)<BR>

157
windows/deployment/usmt/usmt-xml-reference.md
View File

@ -1,78 +1,79 @@
---
title: USMT XML Reference (Windows 10)
description: USMT XML Reference
ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# USMT XML Reference
This section contains topics that you can use to work with and to customize the migration XML files.
## In This Section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><a href="understanding-migration-xml-files.md" data-raw-source="[Understanding Migration XML Files](understanding-migration-xml-files.md)">Understanding Migration XML Files</a></p></td>
<td align="left"><p>Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-configxml-file.md" data-raw-source="[Config.xml File](usmt-configxml-file.md)">Config.xml File</a></p></td>
<td align="left"><p>Describes the Config.xml file and policies concerning its configuration.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-customize-xml-files.md" data-raw-source="[Customize USMT XML Files](usmt-customize-xml-files.md)">Customize USMT XML Files</a></p></td>
<td align="left"><p>Describes how to customize USMT XML files.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-custom-xml-examples.md" data-raw-source="[Custom XML Examples](usmt-custom-xml-examples.md)">Custom XML Examples</a></p></td>
<td align="left"><p>Gives examples of XML files for various migration scenarios.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-conflicts-and-precedence.md" data-raw-source="[Conflicts and Precedence](usmt-conflicts-and-precedence.md)">Conflicts and Precedence</a></p></td>
<td align="left"><p>Describes the precedence of migration rules and how conflicts are handled.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-general-conventions.md" data-raw-source="[General Conventions](usmt-general-conventions.md)">General Conventions</a></p></td>
<td align="left"><p>Describes the XML helper functions.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="xml-file-requirements.md" data-raw-source="[XML File Requirements](xml-file-requirements.md)">XML File Requirements</a></p></td>
<td align="left"><p>Describes the requirements for custom XML files.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-recognized-environment-variables.md" data-raw-source="[Recognized Environment Variables](usmt-recognized-environment-variables.md)">Recognized Environment Variables</a></p></td>
<td align="left"><p>Describes environment variables recognized by USMT.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-xml-elements-library.md" data-raw-source="[XML Elements Library](usmt-xml-elements-library.md)">XML Elements Library</a></p></td>
<td align="left"><p>Describes the XML elements and helper functions for authoring migration XML files to use with USMT.</p></td>
</tr>
</tbody>
</table>
---
title: USMT XML Reference (Windows 10)
description: Work with and customize the migration XML files using USMT XML Reference for Windows 10.
ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# USMT XML Reference
This section contains topics that you can use to work with and to customize the migration XML files.
## In This Section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><a href="understanding-migration-xml-files.md" data-raw-source="[Understanding Migration XML Files](understanding-migration-xml-files.md)">Understanding Migration XML Files</a></p></td>
<td align="left"><p>Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-configxml-file.md" data-raw-source="[Config.xml File](usmt-configxml-file.md)">Config.xml File</a></p></td>
<td align="left"><p>Describes the Config.xml file and policies concerning its configuration.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-customize-xml-files.md" data-raw-source="[Customize USMT XML Files](usmt-customize-xml-files.md)">Customize USMT XML Files</a></p></td>
<td align="left"><p>Describes how to customize USMT XML files.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-custom-xml-examples.md" data-raw-source="[Custom XML Examples](usmt-custom-xml-examples.md)">Custom XML Examples</a></p></td>
<td align="left"><p>Gives examples of XML files for various migration scenarios.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-conflicts-and-precedence.md" data-raw-source="[Conflicts and Precedence](usmt-conflicts-and-precedence.md)">Conflicts and Precedence</a></p></td>
<td align="left"><p>Describes the precedence of migration rules and how conflicts are handled.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-general-conventions.md" data-raw-source="[General Conventions](usmt-general-conventions.md)">General Conventions</a></p></td>
<td align="left"><p>Describes the XML helper functions.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="xml-file-requirements.md" data-raw-source="[XML File Requirements](xml-file-requirements.md)">XML File Requirements</a></p></td>
<td align="left"><p>Describes the requirements for custom XML files.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="usmt-recognized-environment-variables.md" data-raw-source="[Recognized Environment Variables](usmt-recognized-environment-variables.md)">Recognized Environment Variables</a></p></td>
<td align="left"><p>Describes environment variables recognized by USMT.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><a href="usmt-xml-elements-library.md" data-raw-source="[XML Elements Library](usmt-xml-elements-library.md)">XML Elements Library</a></p></td>
<td align="left"><p>Describes the XML elements and helper functions for authoring migration XML files to use with USMT.</p></td>
</tr>
</tbody>
</table>

257
windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
View File

@ -1,128 +1,129 @@
---
title: Verify the Condition of a Compressed Migration Store (Windows 10)
description: Verify the Condition of a Compressed Migration Store
ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Verify the Condition of a Compressed Migration Store
When you migrate files and settings during a typical PC-refresh migration, the user state is usually stored in a compressed folder on the intermediate store. This compressed folder, also called the compressed migration store, is a single image file that contains:
- All of the files being migrated.
- The users settings.
- A catalog file that contains metadata for all files in the migration store.
When you run the **LoadState** command to load the data from these files to the destination computer, LoadState requires a valid catalog file in order to open the migration store. You can run the **UsmtUtils** command with the **/verify** option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the **/verify** option on the migration store before you overwrite the original user-state files and settings.
When you use the **/verify** option, you can specify what type of information to report in the UsmtUtils log file. These report types are:
- **Catalog**: Displays the status of only the catalog file.
- **All**: Displays the status of all files, including the catalog file.
- **Failure only**: Displays only the files that are corrupted.
## In This Topic
The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
- [The UsmtUtils syntax for the /verify option](#bkmk-verifysyntax)
- [To verify that the migration store is intact](#bkmk-verifyintactstore)
- [To verify the status of only the catalog file](#bkmk-verifycatalog)
- [To verify the status of all files](#bkmk-verifyallfiles)
- [To verify the status of the files and return only the corrupted files](#bkmk-returncorrupted)
### <a href="" id="bkmk-verifysyntax"></a>The UsmtUtils Syntax for the /verify Option
To verify the condition of a compressed migration store, use the following UsmtUtils syntax:
cd /d&lt;USMTpath&gt;usmtutils /verify\[:&lt;reportType&gt;\] &lt;filePath&gt; \[/l:&lt;logfile&gt;\] \[/decrypt \[:&lt;AlgID&gt;\] {/key:&lt;keystring&gt; | /keyfile:&lt;filename&gt;}\]
Where the placeholders have the following values:
- *&lt;USMTpath&gt;* is the location where you have saved the USMT files and tools.
- *&lt;reportType&gt;* specifies whether to report on all files, corrupted files only, or the status of the catalog.
- *&lt;filePath&gt;* is the location of the compressed migration store.
- *&lt;logfile&gt;* is the location and name of the log file.
- *&lt;AlgID&gt;* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line.
- *&lt;keystring&gt;* is the encryption key that was used to encrypt the migration store.
- *&lt;filename&gt;* is the location and name of the text file that contains the encryption key.
### <a href="" id="bkmk-verifyintactstore"></a>To Verify that the Migration Store is Intact
To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, type:
``` syntax
usmtutils /verify D:\MyMigrationStore\store.mig
```
Because no report type is specified, UsmtUtils displays the default summary report.
### <a href="" id="bkmk-verifycatalog"></a>To Verify the Status of Only the Catalog File
To verify whether the catalog file is corrupted or intact, type:
``` syntax
usmtutils /verify:catalog D:\MyMigrationStore\store.mig
```
### <a href="" id="bkmk-verifyallfiles"></a>To Verify the Status of all Files
To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, type:
`usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt`
In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, UsmtUtils uses the default 3DES cryptographic algorithm.
### <a href="" id="bkmk-returncorrupted"></a>To Verify the Status of the Files and Return Only the Corrupted Files
In this example, the log file will only list the files that became corrupted during the ScanState process. This list will include the catalog file if it is also corrupted.
``` syntax
usmtutils /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt
```
This example also decrypts the files by specifying the cryptographic algorithm and the location of the file that contains the encryption key.
### Next Steps
If the **/verify** option indicates that there are corrupted files in the migration store, you can use the **/extract** option in the UsmtUtils tool to recover data from some corrupted stores. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).
## Related topics
[UsmtUtils Syntax](usmt-utilities.md)
[Return Codes](usmt-return-codes.md)
 
 
---
title: Verify the Condition of a Compressed Migration Store (Windows 10)
description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT).
ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Verify the Condition of a Compressed Migration Store
When you migrate files and settings during a typical PC-refresh migration, the user state is usually stored in a compressed folder on the intermediate store. This compressed folder, also called the compressed migration store, is a single image file that contains:
- All of the files being migrated.
- The users settings.
- A catalog file that contains metadata for all files in the migration store.
When you run the **LoadState** command to load the data from these files to the destination computer, LoadState requires a valid catalog file in order to open the migration store. You can run the **UsmtUtils** command with the **/verify** option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the **/verify** option on the migration store before you overwrite the original user-state files and settings.
When you use the **/verify** option, you can specify what type of information to report in the UsmtUtils log file. These report types are:
- **Catalog**: Displays the status of only the catalog file.
- **All**: Displays the status of all files, including the catalog file.
- **Failure only**: Displays only the files that are corrupted.
## In This Topic
The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
- [The UsmtUtils syntax for the /verify option](#bkmk-verifysyntax)
- [To verify that the migration store is intact](#bkmk-verifyintactstore)
- [To verify the status of only the catalog file](#bkmk-verifycatalog)
- [To verify the status of all files](#bkmk-verifyallfiles)
- [To verify the status of the files and return only the corrupted files](#bkmk-returncorrupted)
### <a href="" id="bkmk-verifysyntax"></a>The UsmtUtils Syntax for the /verify Option
To verify the condition of a compressed migration store, use the following UsmtUtils syntax:
cd /d&lt;USMTpath&gt;usmtutils /verify\[:&lt;reportType&gt;\] &lt;filePath&gt; \[/l:&lt;logfile&gt;\] \[/decrypt \[:&lt;AlgID&gt;\] {/key:&lt;keystring&gt; | /keyfile:&lt;filename&gt;}\]
Where the placeholders have the following values:
- *&lt;USMTpath&gt;* is the location where you have saved the USMT files and tools.
- *&lt;reportType&gt;* specifies whether to report on all files, corrupted files only, or the status of the catalog.
- *&lt;filePath&gt;* is the location of the compressed migration store.
- *&lt;logfile&gt;* is the location and name of the log file.
- *&lt;AlgID&gt;* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line.
- *&lt;keystring&gt;* is the encryption key that was used to encrypt the migration store.
- *&lt;filename&gt;* is the location and name of the text file that contains the encryption key.
### <a href="" id="bkmk-verifyintactstore"></a>To Verify that the Migration Store is Intact
To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, type:
``` syntax
usmtutils /verify D:\MyMigrationStore\store.mig
```
Because no report type is specified, UsmtUtils displays the default summary report.
### <a href="" id="bkmk-verifycatalog"></a>To Verify the Status of Only the Catalog File
To verify whether the catalog file is corrupted or intact, type:
``` syntax
usmtutils /verify:catalog D:\MyMigrationStore\store.mig
```
### <a href="" id="bkmk-verifyallfiles"></a>To Verify the Status of all Files
To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, type:
`usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt`
In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, UsmtUtils uses the default 3DES cryptographic algorithm.
### <a href="" id="bkmk-returncorrupted"></a>To Verify the Status of the Files and Return Only the Corrupted Files
In this example, the log file will only list the files that became corrupted during the ScanState process. This list will include the catalog file if it is also corrupted.
``` syntax
usmtutils /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt
```
This example also decrypts the files by specifying the cryptographic algorithm and the location of the file that contains the encryption key.
### Next Steps
If the **/verify** option indicates that there are corrupted files in the migration store, you can use the **/extract** option in the UsmtUtils tool to recover data from some corrupted stores. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).
## Related topics
[UsmtUtils Syntax](usmt-utilities.md)
[Return Codes](usmt-return-codes.md)
 
 

2
windows/deployment/volume-activation/active-directory-based-activation-overview.md
View File

@ -1,6 +1,6 @@
---
title: Active Directory-Based Activation Overview (Windows 10)
description: Active Directory-Based Activation Overview
description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA).
ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0
ms.reviewer:
manager: laurawi

61
windows/deployment/volume-activation/add-manage-products-vamt.md
View File

@ -1,30 +1,31 @@
---
title: Add and Manage Products (Windows 10)
description: Add and Manage Products
ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Add and Manage Products
This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
## In this Section
|Topic |Description |
|------|------------|
|[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. |
|[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. |
|[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. |
---
title: Add and Manage Products (Windows 10)
description: Add and manage computers with the Volume Activation Management Tool (VAMT).
ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Add and Manage Products
This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
## In this Section
|Topic |Description |
|------|------------|
|[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. |
|[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. |
|[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. |

127
windows/deployment/volume-activation/add-remove-computers-vamt.md
View File

@ -1,63 +1,64 @@
---
title: Add and Remove Computers (Windows 10)
description: Add and Remove Computers
ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.pagetype: activation
ms.date: 04/25/2017
ms.topic: article
---
# Add and Remove Computers
You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function.
Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md).
## To add computers to a VAMT database
1. Open VAMT.
2. Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box.
3. In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query.
- To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing.
- To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks.
4. Click **Search**.
5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below.
To cancel the search, click **Cancel**. When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane.
![VAMT, Finding computers dialog box](images/dep-win8-l-vamt-findingcomputerdialog.gif)
**Important**  
This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function.
## To add products to VAMT
1. In the **Products** list, select the computers that need to have their product information added to the VAMT database.
2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
4. Click **Filter**. VAMT displays the filtered list in the center pane.
5. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane.
**Note**  
If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
## To remove computers from a VAMT database
You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database.
## Related topics
- [Add and Manage Products](add-manage-products-vamt.md)
---
title: Add and Remove Computers (Windows 10)
description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query.
ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.pagetype: activation
ms.date: 04/25/2017
ms.topic: article
---
# Add and Remove Computers
You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function.
Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md).
## To add computers to a VAMT database
1. Open VAMT.
2. Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box.
3. In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query.
- To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing.
- To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks.
4. Click **Search**.
5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below.
To cancel the search, click **Cancel**. When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane.
![VAMT, Finding computers dialog box](images/dep-win8-l-vamt-findingcomputerdialog.gif)
**Important**  
This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function.
## To add products to VAMT
1. In the **Products** list, select the computers that need to have their product information added to the VAMT database.
2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
4. Click **Filter**. VAMT displays the filtered list in the center pane.
5. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane.
**Note**  
If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
## To remove computers from a VAMT database
You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database.
## Related topics
- [Add and Manage Products](add-manage-products-vamt.md)

99
windows/deployment/volume-activation/kms-activation-vamt.md
View File

@ -1,49 +1,50 @@
---
title: Perform KMS Activation (Windows 10)
description: Perform KMS Activation
ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform KMS Activation
The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products.
## Requirements
Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements:
- KMS host is set up and enabled.
- KMS clients can access the KMS host.
- VAMT is installed on a central computer with network access to all client computers.
- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md).
- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
## To configure devices for KMS activation
**To configure devices for KMS activation**
1. Open VAMT.
2. If necessary, set up the KMS activation preferences. If you dont need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2.
3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box.
4. Under **Key Management Services host selection**, select one of the following options:
- **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation.
- **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation.
- **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host.
5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box.
6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
7. Click **Filter**. VAMT displays the filtered list in the center pane.
8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**.
9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using.
10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**.
VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane.
 
---
title: Perform KMS Activation (Windows 10)
description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS).
ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform KMS Activation
The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products.
## Requirements
Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements:
- KMS host is set up and enabled.
- KMS clients can access the KMS host.
- VAMT is installed on a central computer with network access to all client computers.
- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md).
- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
## To configure devices for KMS activation
**To configure devices for KMS activation**
1. Open VAMT.
2. If necessary, set up the KMS activation preferences. If you dont need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2.
3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box.
4. Under **Key Management Services host selection**, select one of the following options:
- **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation.
- **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation.
- **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host.
5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box.
6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
7. Click **Filter**. VAMT displays the filtered list in the center pane.
8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**.
9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using.
10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**.
VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane.
 

95
windows/deployment/volume-activation/local-reactivation-vamt.md
View File

@ -1,47 +1,48 @@
---
title: Perform Local Reactivation (Windows 10)
description: Perform Local Reactivation
ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform Local Reactivation
If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer.
Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key.
**Note**  
During the initial proxy activation, the CID is bound to a digital “fingerprint”, which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft.
## To Perform a Local Reactivation
**To perform a local reactivation**
1. Open VAMT. Make sure that you are connected to the desired database.
2. In the left-side pane, click the product you want to reactivate to display the products list.
3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the center pane.
6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**.
7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using.
8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
VAMT displays the **Apply Confirmation ID** dialog box.
10. If you are using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID.
11. If you are activating a product that requires administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** check box.
12. Click **OK**.
## Related topics
- [Manage Activations](manage-activations-vamt.md)
---
title: Perform Local Reactivation (Windows 10)
description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT).
ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform Local Reactivation
If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer.
Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key.
**Note**  
During the initial proxy activation, the CID is bound to a digital “fingerprint”, which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft.
## To Perform a Local Reactivation
**To perform a local reactivation**
1. Open VAMT. Make sure that you are connected to the desired database.
2. In the left-side pane, click the product you want to reactivate to display the products list.
3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the center pane.
6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**.
7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using.
8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**.
VAMT displays the **Apply Confirmation ID** dialog box.
10. If you are using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID.
11. If you are activating a product that requires administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** check box.
12. Click **OK**.
## Related topics
- [Manage Activations](manage-activations-vamt.md)

117
windows/deployment/volume-activation/proxy-activation-vamt.md
View File

@ -1,58 +1,59 @@
---
title: Perform Proxy Activation (Windows 10)
description: Perform Proxy Activation
ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform Proxy Activation
You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that do not have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key.
In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access.
**Note**  
For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. 
## Requirements
Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements:
- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup.
- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key.
- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall.
- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
## To Perform Proxy Activation
**To perform proxy activation**
1. Open VAMT.
2. If necessary, install product keys. For more information see:
- [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK).
- [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys.
3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the center pane.
6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box.
7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**.
8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox.
9. Click **OK**.
10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials.
**Note**  
You can use proxy activation to select products that have different key types and activate the products at the same time.
---
title: Perform Proxy Activation (Windows 10)
description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access.
ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Perform Proxy Activation
You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that do not have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key.
In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access.
**Note**  
For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. 
## Requirements
Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements:
- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup.
- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key.
- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall.
- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs.
## To Perform Proxy Activation
**To perform proxy activation**
1. Open VAMT.
2. If necessary, install product keys. For more information see:
- [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK).
- [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys.
3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the center pane.
6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box.
7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**.
8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox.
9. Click **OK**.
10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials.
**Note**  
You can use proxy activation to select products that have different key types and activate the products at the same time.

273
windows/deployment/volume-activation/scenario-online-activation-vamt.md
View File

@ -1,136 +1,137 @@
---
title: Scenario 1 Online Activation (Windows 10)
description: Scenario 1 Online Activation
ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Scenario 1: Online Activation
In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types:
- Multiple Activation Key (MAK)
- Windows Key Management Service (KMS) keys:
- KMS Host key (CSVLK)
- Generic Volume License Key (GVLK), or KMS client key
- Retail
The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
## In This Topic
- [Install and start VAMT on a networked host computer](#bkmk-partone)
- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
- [Connect to VAMT database](#bkmk-partthree)
- [Discover products](#bkmk-partfour)
- [Sort and filter the list of computers](#bkmk-partfive)
- [Collect status information from the computers in the list](#bkmk-partsix)
- [Add product keys and determine the remaining activation count](#bkmk-partseven)
- [Install the product keys](#bkmk-parteight)
- [Activate the client products](#bkmk-partnine)
## <a href="" id="bkmk-partone"></a>Step 1: Install and start VAMT on a networked host computer
1. Install VAMT on the host computer.
2. Click the VAMT icon in the **Start** menu to open VAMT.
## <a href="" id="bkmk-parttwo"></a>Step 2: Configure the Windows Management Instrumentation firewall exception on target computers
- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
**Note**  
To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
## <a href="" id="bkmk-partthree"></a>Step 3: Connect to a VAMT database
1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located.
2. Click **Connect**.
3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md)
## <a href="" id="bkmk-partfour"></a>Step 4: Discover products
1. In the left-side pane, in the **Products** node Products, click the product that you want to activate.
2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane.
3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query:
- To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a".
- To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing.
- To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks.
4. Click **Search**.
When the search is complete, the products that VAMT discovers appear in the product list view in the center pane.
## <a href="" id="bkmk-partfive"></a>Step 5: Sort and filter the list of computers
You can sort the list of products so that it is easier to find the computers that require product keys to be activated:
1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**.
2. To sort the list further, you can click one of the column headings to sort by that column.
3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane.
## <a href="" id="bkmk-partsix"></a>Step 6: Collect status information from the computers in the list
To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods:
- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key.
- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information.
**To collect status information from the selected computers**
- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**.
- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane.
**Note**
If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
## <a href="" id="bkmk-partseven"></a>Step 7: Add product keys and determine the remaining activation count
1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box.
2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys:
- To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**.
- To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**.
The keys that you have added appear in the **Product Keys** list view in the center pane.
**Important**  
If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs.
## <a href="" id="bkmk-parteight"></a>Step 8: Install the product keys
1. In the left-side pane, click the product that you want to install keys on to.
2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive).
3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time.
6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
The same status appears under the **Status of Last Action** column in the product list view in the center pane.
**Note**  
Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382)
## <a href="" id="bkmk-partnine"></a>Step 9: Activate the client products
1. Select the individual products that you want to activate in the list-view pane.
2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option.
3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option.
4. Enter your alternate user name and password and click **OK**.
5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed.
**Note**  
Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network.
RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM.
## Related topics
- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)
---
title: Scenario 1 Online Activation (Windows 10)
description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment.
ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Scenario 1: Online Activation
In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types:
- Multiple Activation Key (MAK)
- Windows Key Management Service (KMS) keys:
- KMS Host key (CSVLK)
- Generic Volume License Key (GVLK), or KMS client key
- Retail
The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
## In This Topic
- [Install and start VAMT on a networked host computer](#bkmk-partone)
- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
- [Connect to VAMT database](#bkmk-partthree)
- [Discover products](#bkmk-partfour)
- [Sort and filter the list of computers](#bkmk-partfive)
- [Collect status information from the computers in the list](#bkmk-partsix)
- [Add product keys and determine the remaining activation count](#bkmk-partseven)
- [Install the product keys](#bkmk-parteight)
- [Activate the client products](#bkmk-partnine)
## <a href="" id="bkmk-partone"></a>Step 1: Install and start VAMT on a networked host computer
1. Install VAMT on the host computer.
2. Click the VAMT icon in the **Start** menu to open VAMT.
## <a href="" id="bkmk-parttwo"></a>Step 2: Configure the Windows Management Instrumentation firewall exception on target computers
- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
**Note**  
To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md).
## <a href="" id="bkmk-partthree"></a>Step 3: Connect to a VAMT database
1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located.
2. Click **Connect**.
3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md)
## <a href="" id="bkmk-partfour"></a>Step 4: Discover products
1. In the left-side pane, in the **Products** node Products, click the product that you want to activate.
2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane.
3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query:
- To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a".
- To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing.
- To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a".
- To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks.
4. Click **Search**.
When the search is complete, the products that VAMT discovers appear in the product list view in the center pane.
## <a href="" id="bkmk-partfive"></a>Step 5: Sort and filter the list of computers
You can sort the list of products so that it is easier to find the computers that require product keys to be activated:
1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**.
2. To sort the list further, you can click one of the column headings to sort by that column.
3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.
4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options.
- To filter the list by computer name, enter a name in the **Computer Name** box.
- To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter.
5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane.
## <a href="" id="bkmk-partsix"></a>Step 6: Collect status information from the computers in the list
To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods:
- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key.
- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information.
**To collect status information from the selected computers**
- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**.
- VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane.
**Note**
If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading.
## <a href="" id="bkmk-partseven"></a>Step 7: Add product keys and determine the remaining activation count
1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box.
2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys:
- To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**.
- To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**.
The keys that you have added appear in the **Product Keys** list view in the center pane.
**Important**  
If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs.
## <a href="" id="bkmk-parteight"></a>Step 8: Install the product keys
1. In the left-side pane, click the product that you want to install keys on to.
2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive).
3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product.
4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box.
5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time.
6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears.
The same status appears under the **Status of Last Action** column in the product list view in the center pane.
**Note**  
Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](https://go.microsoft.com/fwlink/p/?linkid=238382)
## <a href="" id="bkmk-partnine"></a>Step 9: Activate the client products
1. Select the individual products that you want to activate in the list-view pane.
2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option.
3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option.
4. Enter your alternate user name and password and click **OK**.
5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed.
**Note**  
Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network.
RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM.
## Related topics
- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md)

493
windows/deployment/windows-10-subscription-activation.md
View File

@ -1,245 +1,248 @@
---
title: Windows 10 Subscription Activation
description: How to dynamically enable Windows 10 Enterprise or Education subscriptions
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro
author: greg-lindsay
manager: laurawi
ms.collection: M365-modern-desktop
search.appverid:
- MET150
ms.topic: article
---
# Windows 10 Subscription Activation
Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5.
With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions **Windows 10 Education**.
The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices.
## Subscription Activation for Windows 10 Enterprise
With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots.
If you are running Windows 10, version 1703 or later:
- Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise.
- Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
## Subscription Activation for Windows 10 Education
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
## In this article
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model.
- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing.
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
## Inherited Activation
Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later.
## The evolution of deployment
>The original version of this section can be found at [Changing between Windows SKUs](https://blogs.technet.microsoft.com/mniehaus/2017/10/09/changing-between-windows-skus/).
The following figure illustrates how deploying Windows 10 has evolved with each release. With this release, deployment is automatic.
![Illustration of how Windows 10 deployment has evolved](images/sa-evolution.png)
- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.<br>
- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.<br>
- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.<br>
- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.<br>
- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.<br>
- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.<br>
- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.<br>
- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
## Requirements
### Windows 10 Enterprise requirements
> [!NOTE]
> The following requirements do not apply to general Windows 10 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](https://docs.microsoft.com/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following:
- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
#### Multi-factor authentication
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
To resolve this issue:
If the device is running Windows 10, version 1703, 1709, or 1803, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal.
If the device is running Windows 10, version 1809 or later:
1. Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
![Subscription Activation with MFA1](images/sa-mfa1.png)<br>
![Subscription Activation with MFA2](images/sa-mfa2.png)<br>
![Subscription Activation with MFA2](images/sa-mfa3.png)
### Windows 10 Education requirements
1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security> Activation.
3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
>If Windows 10 Pro is converted to Windows 10 Pro Education [using benefits available in Store for Education](https://docs.microsoft.com/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition.
## Benefits
With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)
- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing)
You can benefit by moving to Windows as an online service in the following ways:
1. Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
2. User logon triggers a silent edition upgrade, with no reboot required
3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys.
4. Compliance support via seat assignment.
5. Licenses can be updated to different users dynamically, enabling you to optimize your licensing investment against changing needs.
## How it works
The device is AAD joined from Settings > Accounts > Access work or school.
The IT administrator assigns Windows 10 Enterprise to a user. See the following figure.
![Windows 10 Enterprise](images/ent.png)
When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a users subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires.
Devices running Windows 10 Pro, version 1703 or Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
The following figures summarize how the Subscription Activation model works:
Before Windows 10, version 1903:<br>
![1703](images/before.png)
After Windows 10, version 1903:<br>
![1903](images/after.png)
Note:
1. A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
2. A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
### Scenarios
**Scenario #1**:  You are using Windows 10, version 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but havent yet deployed Windows 10 Enterprise).
All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device.
**Scenario #2**:  You are using Windows 10, version 1607, 1703, or 1709 with KMS for activation, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but havent yet deployed Windows 10 Enterprise).
To change all of your Windows 10 Pro devices to Windows 10 Enterprise, run the following command on each computer:
<pre style="overflow-y: visible">
cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43</pre>
The command causes the OS to change to Windows 10 Enterprise and then seek out the KMS server to reactivate.  This key comes from [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx) in the Volume Activation guide.  It is also possible to inject the Windows 10 Pro key from this article if you wish to step back down from Enterprise to Pro.
**Scenario #3**:  Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts.  The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in.
In summary, if you have a Windows 10 Enterprise E3 or E5 subscription, but are still running Windows 10 Pro, its really simple (and quick) to move to Windows 10 Enterprise using one of the scenarios above.
If youre running Windows 7, it can be more work.  A wipe-and-load approach works, but it is likely to be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise. This is a supported path, and completes the move in one step.  This method also works if you are running Windows 8.1 Pro.
### Licenses
The following policies apply to acquisition and renewal of licenses on devices:
- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license.
- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
- Up to five devices can be upgraded for each user license.
- If a device meets the requirements and a licensed user signs in on that device, it will be upgraded.
Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal).
### Existing Enterprise deployments
If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
Caution: Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE(Out Of Box Experience)
If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
If the computer has never been activated with a Pro key, run the following script. Copy the text below into a .cmd file and run the file from an elevated command prompt:
<pre style="overflow-y: visible">
@echo off
FOR /F "skip=1" %%A IN ('wmic path SoftwareLicensingService get OA3xOriginalProductKey') DO (
SET "ProductKey=%%A"
goto InstallKey
)
:InstallKey
IF [%ProductKey%]==[] (
echo No key present
) ELSE (
echo Installing %ProductKey%
changepk.exe /ProductKey %ProductKey%
)
</pre>
### Obtaining an Azure AD license
Enterprise Agreement/Software Assurance (EA/SA):
- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea).
- The license administrator can assign seats to Azure AD users with the same process that is used for O365.
- New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription.
Microsoft Products & Services Agreements (MPSA):
- Organizations with MPSA are automatically emailed the details of the new service. They must take steps to process the instructions.
- Existing MPSA customers will receive service activation emails that allow their customer administrator to assign users to the service.
- New MPSA customers who purchase the Software Subscription Windows Enterprise E3 and E5 will be enabled for both the traditional key-based and new subscriptions activation method.
### Deploying licenses
See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
## Virtual Desktop Access (VDA)
Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx).
Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md).
## Related topics
[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)<br>
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)<br>
[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)<br>
---
title: Windows 10 Subscription Activation
description: How to dynamically enable Windows 10 Enterprise or Education subscriptions
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
audience: itpro
author: greg-lindsay
manager: laurawi
ms.collection: M365-modern-desktop
search.appverid:
- MET150
ms.topic: article
---
# Windows 10 Subscription Activation
Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5.
With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions **Windows 10 Education**.
The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices.
## Subscription Activation for Windows 10 Enterprise
With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots.
If you are running Windows 10, version 1703 or later:
- Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise.
- Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
## Subscription Activation for Windows 10 Education
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
## In this article
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model.
- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing.
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
## Inherited Activation
Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later.
## The evolution of deployment
> [!NOTE]
> The original version of this section can be found at [Changing between Windows SKUs](https://blogs.technet.microsoft.com/mniehaus/2017/10/09/changing-between-windows-skus/).
The following figure illustrates how deploying Windows 10 has evolved with each release. With this release, deployment is automatic.
![Illustration of how Windows 10 deployment has evolved](images/sa-evolution.png)
- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.<br>
- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after).  This was a lot easier than wipe-and-load, but it was still time-consuming.<br>
- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU.  This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.<br>
- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise.  In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.<br>
- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.<br>
- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.<br>
- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.<br>
- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
## Requirements
### Windows 10 Enterprise requirements
> [!NOTE]
> The following requirements do not apply to general Windows 10 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](https://docs.microsoft.com/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following:
- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
#### Multi-factor authentication
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
To resolve this issue:
If the device is running Windows 10, version 1703, 1709, or 1803, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal.
If the device is running Windows 10, version 1809 or later:
1. Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
![Subscription Activation with MFA1](images/sa-mfa1.png)<br>
![Subscription Activation with MFA2](images/sa-mfa2.png)<br>
![Subscription Activation with MFA2](images/sa-mfa3.png)
### Windows 10 Education requirements
1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security > Activation.
3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
> [!IMPORTANT]
> If Windows 10 Pro is converted to Windows 10 Pro Education [by using benefits available in Store for Education](https://docs.microsoft.com/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device by using a Windows 10 Pro Education edition.
## Benefits
With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)
- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing)
You can benefit by moving to Windows as an online service in the following ways:
1. Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
2. User logon triggers a silent edition upgrade, with no reboot required
3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys.
4. Compliance support via seat assignment.
5. Licenses can be updated to different users dynamically, enabling you to optimize your licensing investment against changing needs.
## How it works
The device is AAD joined from Settings > Accounts > Access work or school.
The IT administrator assigns Windows 10 Enterprise to a user. See the following figure.
![Windows 10 Enterprise](images/ent.png)
When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a users subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires.
Devices running Windows 10 Pro, version 1703 or Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
The following figures summarize how the Subscription Activation model works:
Before Windows 10, version 1903:<br>
![1703](images/before.png)
After Windows 10, version 1903:<br>
![1903](images/after.png)
> [!NOTE]
> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
>
> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
### Scenarios
**Scenario #1**:  You are using Windows 10, version 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but havent yet deployed Windows 10 Enterprise).
All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device.
**Scenario #2**:  You are using Windows 10, version 1607, 1703, or 1709 with KMS for activation, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but havent yet deployed Windows 10 Enterprise).
To change all of your Windows 10 Pro devices to Windows 10 Enterprise, run the following command on each computer:
<pre style="overflow-y: visible">
cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43</pre>
The command causes the OS to change to Windows 10 Enterprise and then seek out the KMS server to reactivate.  This key comes from [Appendix A: KMS Client Setup Keys](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)) in the Volume Activation guide.  It is also possible to inject the Windows 10 Pro key from this article if you wish to step back down from Enterprise to Pro.
**Scenario #3**:  Using Azure AD-joined devices or Active Directory-joined devices running Windows 10 1709 or later, and with Azure AD synchronization configured, just follow the steps in [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) to acquire a $0 SKU and get a new Windows 10 Enterprise E3 or E5 license in Azure AD. Then, assign that license to all of your Azure AD users. These can be AD-synced accounts.  The device will automatically change from Windows 10 Pro to Windows 10 Enterprise when that user signs in.
In summary, if you have a Windows 10 Enterprise E3 or E5 subscription, but are still running Windows 10 Pro, its really simple (and quick) to move to Windows 10 Enterprise using one of the scenarios above.
If youre running Windows 7, it can be more work.  A wipe-and-load approach works, but it is likely to be easier to upgrade from Windows 7 Pro directly to Windows 10 Enterprise. This is a supported path, and completes the move in one step.  This method also works if you are running Windows 8.1 Pro.
### Licenses
The following policies apply to acquisition and renewal of licenses on devices:
- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license.
- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
- Up to five devices can be upgraded for each user license.
- If a device meets the requirements and a licensed user signs in on that device, it will be upgraded.
Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal).
### Existing Enterprise deployments
If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
> [!CAUTION]
> Firmware-embedded Windows 10 activation happens automatically only when we go through the Out-of-Box Experience (OOBE).
If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
If the computer has never been activated with a Pro key, run the following script. Copy the text below into a .cmd file and run the file from an elevated command prompt:
<pre style="overflow-y: visible">
@echo off
FOR /F "skip=1" %%A IN ('wmic path SoftwareLicensingService get OA3xOriginalProductKey') DO (
SET "ProductKey=%%A"
goto InstallKey
)
:InstallKey
IF [%ProductKey%]==[] (
echo No key present
) ELSE (
echo Installing %ProductKey%
changepk.exe /ProductKey %ProductKey%
)
</pre>
### Obtaining an Azure AD license
Enterprise Agreement/Software Assurance (EA/SA):
- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea).
- The license administrator can assign seats to Azure AD users with the same process that is used for O365.
- New EA/SA Windows Enterprise customers can acquire both an SA subscription and an associated $0 cloud subscription.
Microsoft Products & Services Agreements (MPSA):
- Organizations with MPSA are automatically emailed the details of the new service. They must take steps to process the instructions.
- Existing MPSA customers will receive service activation emails that allow their customer administrator to assign users to the service.
- New MPSA customers who purchase the Software Subscription Windows Enterprise E3 and E5 will be enabled for both the traditional key-based and new subscriptions activation method.
### Deploying licenses
See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
## Virtual Desktop Access (VDA)
Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx).
Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md).
## Related topics
[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)<br>
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)<br>
[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)<br>

56
windows/deployment/windows-autopilot/user-driven.md
View File

@ -22,22 +22,33 @@ ms.topic: article
Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions:
- Unbox the device, plug it in, and turn it on.
- Choose a language, locale and keyboard.
- Connect it to a wireless or wired network with internet access.
- Choose a language (only required when multiple languages are installed), locale and keyboard.
- Connect it to a wireless or wired network with internet access. If using wireless, the user must establish the Wi-Fi link.
- Specify your e-mail address and password for your organization account.
After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization. Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
Today, Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options.
Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options.
## Available user-driven modes
From a process flow perspective, the tasks performed during the user-driven process are as follows:
The following options are available for user-driven deployment:
- Once connected to a network, the device will download a Windows Autopilot profile specifying the settings that should be used (e.g. the prompts during OOBE that should be suppressed).
- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
- The user will be prompted for Azure Active Directory credentials, with a customized user experience showing the Azure AD tenant name, logo, and sign-in text.
- The device will join Azure Active Directory or Active Directory, based on the Windows Autopilot profile settings.
- The device will enroll in Intune (or other configured MDM services). (This occurs as part of the Azure Active Directory join process via MDM auto-enrollment, or before the Active Directory join process, as needed.)
- If configured, the [enrollment status page](enrollment-status.md) (ESP) will be displayed.
- Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided. (Note that if the device reboots during the device ESP process, the user will need to re-enter their credentials as these are not persisted across reboots.)
- Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
If any issues are encountered during this process, see the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
For more information on the available join options, see the following sections:
- [Azure Active Directory join](#user-driven-mode-for-azure-active-directory-join) is available if devices do not need to be joined to an on-prem Active Directory domain.
- [Hybrid Azure Active Directory join](#user-driven-mode-for-hybrid-azure-active-directory-join) is available for devices that must be joined to both Azure Active Directory and your on-prem Active Directory domain.
### User-driven mode for Azure Active Directory join
## User-driven mode for Azure Active Directory join
In order to perform a user-driven deployment using Windows Autopilot, the following preparation steps need to be completed:
@ -53,18 +64,14 @@ For each device that will be deployed using user-driven deployment, these additi
- If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
- If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
Also see the [Validation](#validation) section below.
>[!NOTE]
>If the device reboots during the device enrollment status page (ESP) in the user-driven Azure Active Directoy join scenario, the user will not automatically sign on because the user's credentials cannot be saved across reboots. In this scenario, the user will need to sign in manually after the device ESP completes.
## User-driven mode for hybrid Azure Active Directory join
### User-driven mode for hybrid Azure Active Directory join
Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid-joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).
### Requirements
#### Requirements
To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
To perform a user-driven hybrid Azure AD joined deployment using Windows Autopilot:
- A Windows Autopilot profile for user-driven mode must be created and
- **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile.
@ -76,28 +83,11 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
- Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf.
- If using Proxy, WPAD Proxy settings option must be enabled and configured.
**AAD device join**: The hybrid AAD join process uses the system context to perform device AAD join, therefore it is not affected by user based AAD join permission settings. In addition, all users are enabled to join devices to AAD by default.
**Azure AD device join**: The hybrid Azure AD join process uses the system context to perform device Azure AD join, therefore it is not affected by user based Azure AD join permission settings. In addition, all users are enabled to join devices to Azure AD by default.
#### Step by step instructions
### Step by step instructions
See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
## Validation
When performing a user-driven deployment using Windows Autopilot, the following end-user experience should be observed:
- If multiple languages are preinstalled in Windows 10, the user must pick a language.
- The user must pick a locale and a keyboard layout, and optionally a second keyboard layout.
- If connected via Ethernet, no network prompt is expected. If no Ethernet connection is available and Wi-fi is built in, the user needs to connect to a wireless network.
- Once connected to a network, the Autopilot profile will be downloaded.
- Windows 10 will check for critical OOBE updates, and if any are available they will be automatically installed (rebooting if required).
- The user will be prompted for Azure Active Directory credentials, with a customized user experience showing the Azure AD tenant name, logo, and sign-in text.
- Once correct credentials have been entered, the device will join Azure Active Directory.
- After joining Azure Active Directory, the device will enroll in Intune (or other configured MDM services).
- If configured, the [enrollment status page](enrollment-status.md) will be displayed.
- Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided.
- Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
If your results do not match these expectations, see the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.

5
windows/hub/windows-10.yml
View File

@ -24,7 +24,7 @@ sections:
- items:
- type: markdown
text: "
Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.<br>
Get started with Windows 10. Evaluate free for 90 days and set up virtual labs to test a proof of concept.<br>
<table><tr><td><img src='images/explore1.png' width='192' height='192'><br>**Download a free 90-day evaluation**<br>Try the latest features. Test your apps, hardware, and deployment strategies.<br><a href='https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise'>Start evaluation</a></td><td><img src='images/explore2.png' width='192' height='192'><br>**Get started with virtual labs**<br>Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.<br><a href='https://www.microsoft.com/en-us/itpro/windows-10/virtual-labs'>See Windows 10 labs</a></td><td><img src='images/explore3.png' width='192' height='192'><br>**Conduct a proof of concept**<br>Download a lab environment with MDT, Configuration Manager, Windows 10, and more.<br><a href='https://go.microsoft.com/fwlink/p/?linkid=861441'>Get deployment kit</a></td></tr>
</table>
"
@ -57,7 +57,7 @@ sections:
- type: markdown
text: "
Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.<br>
<table><tr><td><img src='images/deploy1.png' width='192' height='192'><br>**In-place upgrade**<br>The simplest way to upgrade PCs that are currently running WIndows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager'>Upgrade to Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit'>Upgrade to Windows 10 with MDT</a></td><td><img src='images/deploy2.png' width='192' height='192'><br>**Traditional deployment**<br>Some organizations may still need to opt for an image-based deployment of Windows 10.<br><a href='https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems'>Deploy Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit'>Deploy Windows 10 with MDT</a></td></tr><tr><td><img src='images/deploy3.png' width='192' height='192'><br>**Dynamic provisioning**<br>With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.<br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages'>Provisioning packages for Windows 10</a><br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package'>Build and apply a provisioning package</a><br><a href='https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd'>Customize Windows 10 start and the taskbar</a></td><td><img src='images/deploy4.png><br>**Other deployment scenarios**<br>Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.<br><a href='https://docs.microsoft.com/education/windows/'>Windows deployment for education environments</a><br><a href='https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc'>Set up a shared or guest PC with Windows 10</a><br><a href='https://docs.microsoft.com/windows/application-management/sideload-apps-in-windows-10'>Sideload apps in Windows 10</a></td></tr>
<table><tr><td><img src='images/deploy1.png' width='192' height='192'><br>**In-place upgrade**<br>The simplest way to upgrade PCs that are currently running WIndows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager'>Upgrade to Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit'>Upgrade to Windows 10 with MDT</a></td><td><img src='images/deploy2.png' width='192' height='192'><br>**Traditional deployment**<br>Some organizations may still need to opt for an image-based deployment of Windows 10.<br><a href='https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems'>Deploy Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit'>Deploy Windows 10 with MDT</a></td></tr><tr><td><img src='images/deploy3.png' width='192' height='192'><br>**Dynamic provisioning**<br>With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.<br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages'>Provisioning packages for Windows 10</a><br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package'>Build and apply a provisioning package</a><br><a href='https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd'>Customize Windows 10 start and the taskbar</a></td><td><img src='images/deploy4.png' width='192' height='192'><br>**Other deployment scenarios**<br>Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.<br><a href='https://docs.microsoft.com/education/windows/'>Windows deployment for education environments</a><br><a href='https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc'>Set up a shared or guest PC with Windows 10</a><br><a href='https://docs.microsoft.com/windows/application-management/sideload-apps-in-windows-10'>Sideload apps in Windows 10</a></td></tr>
</table>
"
- title: Management and security
@ -72,6 +72,7 @@ sections:
- items:
- type: markdown
text: "
Stay connected with Windows 10 experts, your colleagues, business trends, and IT pro events.<br>
<table><tr><td><img src='images/insider.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Find out about new resources and get expert tips and tricks on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Follow us on Twitter**<br>Keep up with the latest desktop and device trends, Windows news, and events for IT pros.<br><a href='https://twitter.com/MSWindowsITPro'>Visit Twitter</a></td><td><img src='images/wip4biz.png' width='192' height='192'><br>**Join the Windows Insider Program for Business**<br>Get early access to new builds and provide feedback on the latest features and functionalities.<br><a href='https://insider.windows.com/ForBusiness'>Get started</a></td></tr>
</table>
"

Some files were not shown because too many files have changed in this diff Show More