mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #10635 from MicrosoftDocs/main
Publish main to live 02/25/2025, 10:30 AM
This commit is contained in:
Gary Moore
GitHub
commit
14cbe2c24f
@ -2,7 +2,7 @@
|
||||
title: Use Set up School PCs app
|
||||
description: Learn how to use the Set up School PCs app and apply the provisioning package.
|
||||
ms.topic: how-to
|
||||
ms.date: 07/09/2024
|
||||
ms.date: 02/25/2025
|
||||
appliesto:
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Assigned Access policy settings
|
||||
description: Learn about the policy settings enforced on a device configured with Assigned Access.
|
||||
ms.topic: reference
|
||||
ms.date: 10/31/2024
|
||||
ms.date: 02/25/2025
|
||||
---
|
||||
|
||||
# Assigned Access policy settings
|
||||
@ -20,6 +20,7 @@ The following policy settings are applied at the device level when you deploy a
|
||||
|
||||
| Type | Path | Name/Description |
|
||||
|---------|----------------------------------------------------------------------------|---------------------------------------------------------------------------|
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Settings/AllowOnlineTips` | Allow Online Tips |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Experience/AllowCortana` | Disable Cortana |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDocuments` | Disable Start documents icon |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDownloads` | Disable Start downloads icon |
|
||||
@ -45,8 +46,9 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
|---------|----------------------------------------------------------------------------------|-------------------------------------------------------------------|
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/DisableContextMenus` | Disable Context Menu for Start menu apps |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HidePeopleBar` | Hide People Bar from appearing on taskbar |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentJumplists` | Hide recent jumplists from appearing on the Start menu/taskbar |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
|
||||
| **CSP** | User Configuration\Administrative Templates\Windows Components\Windows Copilot | Turn off Windows Copilot |
|
||||
| **GPO** | User Configuration\Administrative Templates\Desktop | Hide and disable all items on the desktop |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Clear history of recently opened documents on exit |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notifications as toasts |
|
||||
@ -54,7 +56,7 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning programs to the Taskbar |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not display or track items in Jump Lists from remote locations |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide and disable all items on the desktop |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide the Task View button |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide the TaskView button |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock all taskbar settings |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock the Taskbar |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from adding or removing toolbars |
|
||||
@ -81,6 +83,7 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove *Map network drive* and *Disconnect Network Drive* |
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove File Explorer's default context menu |
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\Windows Copilot | Turn off Windows Copilot |
|
||||
| **GPO** | User Configuration\Administrative Templates\WindowsComponents\File Explorer | Prevent access to drives from My Computer |
|
||||
|
||||
The following policy settings are applied to the kiosk account when you configure a kiosk experience with Microsoft Edge:
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 04/10/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
@ -9,14 +9,8 @@ ms.topic: include
|
||||
|
||||
With this policy setting, you can prevent the Start menu from displaying a list of recently installed applications:
|
||||
|
||||
- If **enabled**, the Start menu doesn't display the **Recently added** list. The corresponding option in Settings can't be configured (grayed out).
|
||||
- If **disabled** or **not configured**, the Start menu displays the **Recently added** list. The corresponding option in Settings can be configured.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Starting in Windows 11, version 22H2 with [KB5048685](https://support.microsoft.com/topic/4602-ea3736d3-6948-4fd7-9faf-8d732ac2ed59), the policy setting behavior changed.
|
||||
>
|
||||
> - If **enabled**, the corresponding option in Settings can't be configured (grayed out). The policy setting doesn't affect the display of recently installed applications in the Recommended section of the Start menu.
|
||||
> - If **disabled** or **not configured**, the corresponding option in Settings can be configured.
|
||||
- If **enabled**, the Start menu doesn't display the **Recently added** list. The corresponding option in Settings can't be configured (grayed out)
|
||||
- If **disabled** or **not configured**, the Start menu displays the **Recently added** list. The corresponding option in Settings can be configured
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Start policy settings
|
||||
description: Learn about the policy settings to configure the Windows Start menu.
|
||||
ms.topic: reference
|
||||
ms.date: 07/10/2024
|
||||
ms.date: 02/25/2025
|
||||
appliesto:
|
||||
zone_pivot_groups: windows-versions-11-10
|
||||
---
|
||||
|
||||
@ -0,0 +1,23 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
### Show notification bell icon
|
||||
|
||||
This policy setting allows you to show the notification bell icon in the system tray:
|
||||
|
||||
- If you enable this policy setting, the notification icon is always displayed
|
||||
- If you disable or don't configure this policy setting, the notification icon is only displayed when there's a special status (for example, when *do not disturb* is turned on)
|
||||
|
||||
> [!NOTE]
|
||||
> A reboot is required for this policy setting to take effect.
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
| **CSP** |- `./User/Vendor/MSFT/Policy/Config/Start/`[AlwaysShowNotificationIcon](/windows/client-management/mdm/policy-csp-start#AlwaysShowNotificationIcon) |
|
||||
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
|
||||
|
||||
<!-- not linked yet as it's in Insider>
|
||||
@ -0,0 +1,22 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
### Turn off abbreviated time and date format
|
||||
|
||||
This policy setting allows you to show the longer time and date format in the system tray:
|
||||
|
||||
- If you enable this policy setting, the time format will include the AM/PM time marker and the date will include the year.
|
||||
|
||||
> [!NOTE]
|
||||
> A reboot is required for this policy setting to take effect.
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
| **CSP** |- `./User/Vendor/MSFT/Policy/Config/Start/`[TurnOffAbbreviatedDateTimeFormat](/windows/client-management/mdm/policy-csp-start#TurnOffAbbreviatedDateTimeFormat) |
|
||||
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
|
||||
|
||||
<!-- not linked yet as it's in Insider>
|
||||
@ -21,7 +21,7 @@ You can use the App Control for Business Wizard and the PowerShell commands to c
|
||||
:::image type="content" alt-text="Configuring the policy base and template." source="../images/appid-appcontrol-wizard-1.png" lightbox="../images/appid-appcontrol-wizard-1.png":::
|
||||
|
||||
> [!NOTE]
|
||||
> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
|
||||
> If your AppId Tagging Policy does not build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
|
||||
|
||||
2. Set the following rule-options using the Wizard toggles:
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Additional mitigations
|
||||
description: Learn how to improve the security of your domain environment with additional mitigations for Credential Guard and sample code.
|
||||
ms.topic: reference
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Configure Credential Guard
|
||||
description: Learn how to configure Credential Guard using MDM, Group Policy, or the registry.
|
||||
ms.topic: how-to
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Considerations and known issues when using Credential Guard
|
||||
description: Considerations, recommendations, and known issues when using Credential Guard.
|
||||
ms.topic: troubleshooting
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: How Credential Guard works
|
||||
description: Learn how Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
|
||||
ms.topic: concept-article
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Credential Guard overview
|
||||
description: Learn about Credential Guard and how it isolates secrets so that only privileged system software can access them.
|
||||
ms.topic: overview
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business cloud-only deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in a hybrid certificate trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business hybrid certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and enroll in Windows Hello for Business in hybrid certificate trust model
|
||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
ms.date: 09/26/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and validate the PKI in a hybrid certificate trust model
|
||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business hybrid certificate trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business cloud Kerberos trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
@ -45,7 +45,7 @@ When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *Azur
|
||||
- Is only used by Microsoft Entra ID to generate TGTs for the Active Directory domain
|
||||
|
||||
> [!NOTE]
|
||||
> Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of priviliged built-in security groups won't be able to use cloud Kerberos trust.
|
||||
> Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of privileged built-in security groups won't be able to use cloud Kerberos trust.
|
||||
|
||||
:::image type="content" source="images/azuread-kerberos-object.png" alt-text="Screenshot of the Active Directory Users and Computers console, showing the computer object representing the Microsoft Entra Kerberos server." lightbox="images/azuread-kerberos-object.png":::
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
|
||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business hybrid key trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Plan a Windows Hello for Business Deployment
|
||||
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
||||
ms.date: 10/30/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
@ -251,7 +251,7 @@ Here are some considerations regarding licensing requirements for cloud services
|
||||
|
||||
### Windows requirements
|
||||
|
||||
All supported Windows versions can be used with Windows Hello for Business. However, cloud Kerberos trust requires minimum versions:
|
||||
All supported Windows (client) versions can be used with Windows Hello for Business. However, cloud Kerberos trust requires minimum versions:
|
||||
|
||||
|| Deployment model | Trust type | Windows version|
|
||||
|--|--|--|--|
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in an on-premises certificate trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business on-premises certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business on-premises certificate trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust scenario.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in an on-premises key trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business key trust model.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business on-premises key trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust scenario.
|
||||
ms.date: 06/24/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Prepare users to provision and use Windows Hello for Business
|
||||
description: Learn how to prepare users to enroll and to use Windows Hello for Business.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: end-user-help
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Configure S/MIME For Windows
|
||||
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows.
|
||||
ms.topic: how-to
|
||||
ms.date: 12/02/2024
|
||||
ms.date: 02/25/2025
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Encrypted hard drives
|
||||
description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management.
|
||||
ms.date: 07/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user