mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 04:13:41 +00:00
Merge branch 'main' into vp-mdm-windc
@ -18,9 +18,9 @@ The table below shows the applicability of Windows:
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis).
|
||||
The UniversalPrint configuration service provider (CSP) is used to add Universal Print-compatible printers to Windows client endpoints. Universal Print is a cloud-based printing solution that runs entirely in Microsoft Azure. It doesn't require any on-premises infrastructure. For more specific information, see [Discover Universal Print](/universal-print/discover-universal-print).
|
||||
|
||||
This CSP was added in Windows 11 and in Windows 10 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
|
||||
This CSP was added in Windows 11 and in Windows 10, version 21H2 July 2022 update [KB5015807](https://support.microsoft.com/topic/july-12-2022-kb5015807-os-builds-19042-1826-19043-1826-and-19044-1826-8c8ea8fe-ec83-467d-86fb-a2f48a85eb41).
|
||||
|
||||
The following example shows the UniversalPrint configuration service provider in tree format.
|
||||
|
||||
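Review bot: The reworded availability sentence names only "Windows 10, version 21H2", while the KB5015807 link it points to lists OS builds 19042.1826, 19043.1826 and 19044.1826 in its URL. If the CSP is available on all three builds, the sentence should say so; if it is limited to 21H2, a short qualifier would stop readers from assuming the other builds are covered. The phrase "version 21H2 July 2022 update" would also read more clearly as "version 21H2 with the July 2022 update".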
@ -52,7 +52,7 @@ The data type is node (XML node). Supported operation is Get.
|
||||
|
||||
<a href="" id="guidprintersharedid)"></a>**`<GUID>` (PrinterSharedID)**
|
||||
|
||||
The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
|
||||
The Share ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share ID in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
|
||||
|
||||
The data type is node (XML node). Supported operations are Get, Add, and Delete.
|
||||
|
||||
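Review bot: The anchor in the unchanged context line, `id="guidprintersharedid)"`, carries a stray closing parenthesis, so any in-page link to this node has to include the `)` to resolve. Since this hunk already touches the section, it is a good place to change the id to `guidprintersharedid` and update any links that reference it.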
@ -61,7 +61,7 @@ The data type is node (XML node). Supported operations are Get, Add, and Delete.
|
||||
|
||||
<a href="" id="clouddeviceid"></a>**CloudDeviceID**
|
||||
|
||||
The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
|
||||
The Printer ID is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Printer ID in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
|
||||
|
||||
The data type is string/text (GUID). Supported operations are Get, Add, Delete, and Replace.
|
||||
|
||||
@ -70,7 +70,7 @@ The data type is string/text (GUID). Supported operations are Get, Add, Delete,
|
||||
|
||||
<a href="" id="printersharedname"></a>**PrinterSharedName**
|
||||
|
||||
The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/portal/navigate-up).
|
||||
The Share Name is used to identify the Universal Print printer you want to install on the targeted user account. You can get the printer's Share Name in the printer's properties in the [Universal Print portal](/universal-print/reference/portal/navigate-azure-portal).
|
||||
|
||||
The data type is string/text. Supported operations are Get, Add, Delete, and Replace.
|
||||
|
||||
|
@ -106,7 +106,7 @@ Each profile defines a `Shell` element, which contains details about the applica
|
||||
|-|-|-|
|
||||
|`Shell`| Application that is used as a Windows shell. |- For Universal Windows Platform (UWP) apps, you must provide the App User Model ID (AUMID). Learn how to [Find the Application User Model ID of an installed app](../../store/find-aumid.md).<br>- For desktop apps, specify the full path of the executable, which can contain system environment variables in the form of `%variableName%`. You can also specify any parameters that the app might require. |
|
||||
|`V2:AppType`| Defines the type of application. |Allowed values are `Desktop` and `UWP`.|
|
||||
|`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `True`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `False` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.|
|
||||
|`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `true`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `false` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.|
|
||||
|
||||
Example:
|
||||
|
||||
|
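Review bot: The `V2:AllAppsFullScreen` row now documents lowercase `true` and `false`, so the XML under "Example:" that follows this table should use the same casing. If the schema rejects `True`/`False`, a sentence saying the value is case-sensitive would save readers a failed configuration.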
@ -5,9 +5,9 @@ ms.service: windows-client
|
||||
ms.subservice: itpro-updates
|
||||
ms.topic: overview
|
||||
ms.date: 06/25/2024
|
||||
author: mikolding
|
||||
ms.author: v-mikolding
|
||||
ms.reviewer: mstewart,thtrombl,v-fvalentyna,arcarley
|
||||
author: v-fvalentyna
|
||||
ms.author: v-fvalentyna
|
||||
ms.reviewer: mstewart,thtrombl,arcarley
|
||||
manager: aaroncz
|
||||
ms.localizationpriority: medium
|
||||
appliesto:
|
||||
|
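Review bot: `ms.date: 06/25/2024` is left unchanged in this hunk while `author`, `ms.author` and `ms.reviewer` are all edited. If the article content is also revised in this change, update `ms.date` to match; if this is a metadata-only ownership change, say so in the commit description.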
@ -47,79 +47,79 @@
|
||||
href: deploy/windows-autopatch-groups-manage-autopatch-groups.md
|
||||
- name: Post-device registration readiness checks
|
||||
href: deploy/windows-autopatch-post-reg-readiness-checks.md
|
||||
- name: Operate
|
||||
- name: Manage
|
||||
href:
|
||||
items:
|
||||
- name: Software update management
|
||||
href: operate/windows-autopatch-groups-update-management.md
|
||||
- name: Customize Windows Update settings
|
||||
href: manage/windows-autopatch-customize-windows-update-settings.md
|
||||
- name: Windows feature updates
|
||||
href: manage/windows-autopatch-windows-feature-update-overview.md
|
||||
items:
|
||||
- name: Windows updates
|
||||
href:
|
||||
items:
|
||||
- name: Customize Windows Update settings
|
||||
href: operate/windows-autopatch-groups-windows-update.md
|
||||
- name: Windows quality updates
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-overview.md
|
||||
items:
|
||||
- name: Windows quality update end user experience
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
|
||||
- name: Windows quality update signals
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-signals.md
|
||||
- name: Windows quality update communications
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-communications.md
|
||||
- name: Windows feature updates
|
||||
href: operate/windows-autopatch-groups-windows-feature-update-overview.md
|
||||
items:
|
||||
- name: Manage Windows feature updates
|
||||
href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md
|
||||
- name: Microsoft 365 Apps for enterprise
|
||||
href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
|
||||
- name: Microsoft Edge
|
||||
href: operate/windows-autopatch-edge.md
|
||||
- name: Microsoft Teams
|
||||
href: operate/windows-autopatch-teams.md
|
||||
- name: Windows quality and feature update reports overview
|
||||
href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
|
||||
- name: Manage Windows feature updates
|
||||
href: manage/windows-autopatch-manage-windows-feature-update-releases.md
|
||||
- name: Windows quality updates
|
||||
href: manage/windows-autopatch-windows-quality-update-overview.md
|
||||
items:
|
||||
- name: Windows quality update end user experience
|
||||
href: manage/windows-autopatch-windows-quality-update-end-user-exp.md
|
||||
- name: Windows quality update signals
|
||||
href: manage/windows-autopatch-windows-quality-update-signals.md
|
||||
- name: Windows quality update communications
|
||||
href: manage/windows-autopatch-windows-quality-update-communications.md
|
||||
- name: Manage driver and firmware updates
|
||||
href: manage/windows-autopatch-manage-driver-and-firmware-updates.md
|
||||
- name: Microsoft 365 Apps for enterprise
|
||||
href: manage/windows-autopatch-microsoft-365-apps-enterprise.md
|
||||
items:
|
||||
- name: Microsoft 365 Apps for enterprise update policies
|
||||
href: manage/windows-autopatch-microsoft-365-policies.md
|
||||
- name: Microsoft Edge
|
||||
href: manage/windows-autopatch-edge.md
|
||||
- name: Microsoft Teams
|
||||
href: manage/windows-autopatch-teams.md
|
||||
- name: Submit a support request
|
||||
href: manage/windows-autopatch-support-request.md
|
||||
- name: Exclude a device
|
||||
href: manage/windows-autopatch-exclude-device.md
|
||||
- name: Unenroll your tenant
|
||||
href: manage/windows-autopatch-unenroll-tenant.md
|
||||
- name: Monitor
|
||||
href:
|
||||
items:
|
||||
- name: Windows feature and quality update reports overview
|
||||
href: monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
|
||||
items:
|
||||
- name: Windows quality update reports
|
||||
href:
|
||||
items:
|
||||
- name: Summary dashboard
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
|
||||
- name: Quality update status report
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-status-report.md
|
||||
- name: Quality update trending report
|
||||
href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md
|
||||
- name: Reliability report
|
||||
href: operate/windows-autopatch-reliability-report.md
|
||||
- name: Windows feature update reports
|
||||
href:
|
||||
items:
|
||||
- name: Summary dashboard
|
||||
href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
|
||||
href: monitor/windows-autopatch-windows-feature-update-summary-dashboard.md
|
||||
- name: Feature update status report
|
||||
href: operate/windows-autopatch-groups-windows-feature-update-status-report.md
|
||||
href: monitor/windows-autopatch-windows-feature-update-status-report.md
|
||||
- name: Feature update trending report
|
||||
href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md
|
||||
- name: Windows quality and feature update device alerts
|
||||
href: operate/windows-autopatch-device-alerts.md
|
||||
href: monitor/windows-autopatch-windows-feature-update-trending-report.md
|
||||
- name: Windows quality update reports
|
||||
href:
|
||||
items:
|
||||
- name: Summary dashboard
|
||||
href: monitor/windows-autopatch-windows-quality-update-summary-dashboard.md
|
||||
- name: Quality update status report
|
||||
href: monitor/windows-autopatch-windows-quality-update-status-report.md
|
||||
- name: Quality update trending report
|
||||
href: monitor/windows-autopatch-windows-quality-update-trending-report.md
|
||||
- name: Reliability report
|
||||
href: monitor/windows-autopatch-reliability-report.md
|
||||
- name: Windows feature and quality update device alerts
|
||||
href: monitor/windows-autopatch-device-alerts.md
|
||||
- name: Policy health
|
||||
href:
|
||||
items:
|
||||
- name: Policy health and remediation
|
||||
href: operate/windows-autopatch-policy-health-and-remediation.md
|
||||
href: monitor/windows-autopatch-policy-health-and-remediation.md
|
||||
- name: Resolve policy conflicts
|
||||
href: operate/windows-autopatch-resolve-policy-conflicts.md
|
||||
href: monitor/windows-autopatch-resolve-policy-conflicts.md
|
||||
- name: Maintain the Windows Autopatch environment
|
||||
href: operate/windows-autopatch-maintain-environment.md
|
||||
- name: Manage driver and firmware updates
|
||||
href: operate/windows-autopatch-manage-driver-and-firmware-updates.md
|
||||
- name: Submit a support request
|
||||
href: operate/windows-autopatch-support-request.md
|
||||
- name: Exclude a device
|
||||
href: operate/windows-autopatch-exclude-device.md
|
||||
- name: Unenroll your tenant
|
||||
href: operate/windows-autopatch-unenroll-tenant.md
|
||||
href: monitor/windows-autopatch-maintain-environment.md
|
||||
- name: References
|
||||
href:
|
||||
items:
|
||||
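Review bot: Every `operate/...` href in this TOC is replaced by a `manage/...` or `monitor/...` path, and the `-groups-` segment is dropped from the file names, but nothing visible in this commit adds redirects for the old URLs. Please confirm the redirection file covers each removed `operate/windows-autopatch-...` path. Separately, the node renamed to "Windows feature and quality update reports overview" still points at `monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md`, so the title and file name now disagree on word order.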
@ -128,8 +128,6 @@
|
||||
items:
|
||||
- name: Windows update policies
|
||||
href: references/windows-autopatch-windows-update-unsupported-policies.md
|
||||
- name: Microsoft 365 Apps for enterprise update policies
|
||||
href: references/windows-autopatch-microsoft-365-policies.md
|
||||
- name: Conflicting configurations
|
||||
href: references/windows-autopatch-conflicting-configurations.md
|
||||
- name: Changes made at tenant enrollment
|
||||
|
@ -128,9 +128,7 @@ For organizations seeking greater control, you can allow or block Microsoft 365
|
||||
|
||||
[Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
|
||||
|
||||
A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.
|
||||
|
||||
However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload.
|
||||
A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.However, the device may still be eligible for other managed updates.
|
||||
|
||||
## Incidents and outages
|
||||
|
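Review bot: The merged paragraph is missing a space after the period in "update management.However, the device may still be eligible". The same paragraph opens with "A [service profile]" and then uses "servicing profile" twice, so the first mention should be "servicing profile" as well. Consider also adding a comma in "if you're targeting a managed device with a servicing profile, it's ineligible".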
@ -120,7 +120,7 @@ In the Release management blade, you can:
|
||||
|
||||
### Release schedule
|
||||
|
||||
For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains:
|
||||
For each deployment ring, the **Release schedule** tab contains:
|
||||
|
||||
- The status of the update. Releases appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which are configured on your behalf.
|
||||
- The date the update is available.
|
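Review bot: "For each deployment ring" loses its only link to an explanation of deployment rings, and the first bullet still relies on the reader knowing what a ring is. If the link was dropped because `windows-autopatch-update-management.md` is deleted in this commit, point it at the article that now describes deployment rings rather than removing it.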
@ -1,61 +0,0 @@
|
||||
---
|
||||
title: Software update management for Autopatch groups
|
||||
description: This article provides an overview of how updates are handled with Autopatch groups
|
||||
ms.date: 07/08/2024
|
||||
ms.service: windows-client
|
||||
ms.subservice: itpro-updates
|
||||
ms.topic: concept-article
|
||||
ms.localizationpriority: medium
|
||||
author: tiaraquan
|
||||
ms.author: tiaraquan
|
||||
manager: aaroncz
|
||||
ms.reviewer: andredm7
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier1
|
||||
---
|
||||
|
||||
# Software update management
|
||||
|
||||
Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
|
||||
|
||||
## Software update workloads
|
||||
|
||||
| Software update workload | Description |
|
||||
| ----- | ----- |
|
||||
| Windows quality update | Windows Autopatch uses four deployment rings to manage [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) |
|
||||
| Windows feature update | Windows Autopatch uses four deployment rings to manage [Windows feature updates](windows-autopatch-groups-windows-feature-update-overview.md) |
|
||||
| Anti-virus definition | Updated with each scan. |
|
||||
| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). |
|
||||
| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). |
|
||||
| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). |
|
||||
|
||||
## Autopatch groups
|
||||
|
||||
Autopatch groups help Microsoft Cloud-Managed services meet all organizations where they are at in their update management journey.
|
||||
|
||||
Autopatch groups is a logical container that groups several [Microsoft Entra groups](/azure/active-directory/fundamentals/active-directory-groups-view-azure-portal), and software update policies, such as Windows Update rings and feature update policies, together.
|
||||
|
||||
For more information on key benefits and how to use Autopatch groups, see [Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md).
|
||||
|
||||
## Windows quality updates
|
||||
|
||||
Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
|
||||
|
||||
To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. For more information, see [Windows quality updates overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md).
|
||||
|
||||
## Windows feature updates
|
||||
|
||||
You're in control of telling Windows Autopatch when your organization is ready to move to the next Windows OS version.
|
||||
|
||||
The Window feature update release management experience makes it easier and less expensive for you to keep your Windows devices up to date. You can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
|
||||
|
||||
For more information, see [Windows feature updates overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md).
|
||||
|
||||
## Reports
|
||||
|
||||
Using [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md), you can monitor and remediate Windows Autopatch managed devices that are Not up to Date and resolve any device alerts to bring Windows Autopatch managed devices back into compliance.
|
||||
|
||||
## Policy health and remediation
|
||||
|
||||
Windows Autopatch deploys Intune policies for Windows quality and feature update management. Windows Update policies must remain healthy for devices to receive Windows updates and stay up to date. We continuously monitor the health of the policies and raise alerts and provide remediation actions. For more information, see [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) and [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
|
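Review bot: This deletion removes the "Software update workloads" table, including the "Anti-virus definition | Updated with each scan." row, and no other hunk in this commit adds that content elsewhere. Confirm the workload summary lives in another article and that a redirect is registered for this file, since other articles in this commit linked to its `#software-update-workloads` and `#windows-autopatch-deployment-rings` anchors.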
@ -19,7 +19,7 @@ ms.topic: reference
|
||||
- Windows 10 Enterprise 1903 version and newer
|
||||
|
||||
|
||||
This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it's possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
|
||||
This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](/mem/intune/configuration/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it's possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
|
||||
|
||||
>[!IMPORTANT]
|
||||
>- The Allowed Traffic endpoints for an MDM configuration are here: [Allowed Traffic](#bkmk-mdm-allowedtraffic)
|
||||
@ -30,13 +30,13 @@ This article describes the network connections that Windows 10 and Windows 11 co
|
||||
>- The **Get Help** and **Give us Feedback** links in Windows may no longer work after applying some or all of the MDM/CSP settings.
|
||||
|
||||
>[!Warning]
|
||||
>If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Remove Everything" option the >Windows Restricted Traffic Limited Functionality settings will need to be re-applied in order re-restrict the device's egress traffic. >To do this the client must be re-enrolled to the Microsoft Intune service. Egress traffic may occur during the period prior to the re->application of the Restricted Traffic Limited Functionality settings. If the user executes a "Reset this PC" with the "Keep my files" >option the Restricted Traffic Limited Functionality settings are retained on the device, and therefore the client will remain in a >Restricted Traffic configuration during and after the "Keep my files" reset, and no re-enrollment is required.
|
||||
>If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Remove Everything" option the >Windows Restricted Traffic Limited Functionality settings will need to be re-applied in order re-restrict the device's egress traffic. >To do this the client must be re-enrolled to the Microsoft Intune service. Egress traffic may occur during the period prior to the re->application of the Restricted Traffic Limited Functionality settings. If the user executes a "Reset this PC" with the "Keep my files" >option the Restricted Traffic Limited Functionality settings are retained on the device, and therefore the client will remain in a >Restricted Traffic configuration during and after the "Keep my files" reset, and no re-enrollment is required.
|
||||
|
||||
For more information on Microsoft Intune, see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](/intune/).
|
||||
For more information on Microsoft Intune, see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](/mem/intune/).
|
||||
|
||||
For detailed information about managing network connections to Microsoft services using Windows Settings, Group Policies and Registry settings see [Manage connections from Windows operating system components to Microsoft services](./manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
|
||||
|
||||
We're always striving to improve our documentation and welcome your feedback. You can provide feedback by sending email to **telmhelp**@**microsoft.com**.
|
||||
We're always striving to improve our documentation and welcome your feedback. You can provide feedback by sending email to **telmhelp**@**microsoft.com**.
|
||||
|
||||
|
||||
## Settings for Windows 10 Enterprise edition 1903 and later and Windows 11
|
||||
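Review bot: The `[!Warning]` line that this hunk touches still contains stray `>` characters inside the sentence ("option the >Windows Restricted Traffic", "traffic. >To do this", "re->application", "\"Keep my files\" >option", "remain in a >Restricted Traffic"), left over from earlier line wrapping. It also reads "in order re-restrict", which is missing "to". Since the line is being rewritten anyway, clean these up so the warning about egress traffic after "Reset this PC" renders as one readable paragraph.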
@ -55,15 +55,15 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
|
||||
1. **Date & Time**
|
||||
1. MDM Policy: [Settings/AllowDateTime](/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime). Allows the user to change date and time settings. **Set to 0 (zero)**
|
||||
|
||||
1. **Device metadata retrieval**
|
||||
1. **Device metadata retrieval**
|
||||
1. MDM Policy: [DeviceInstallation/PreventDeviceMetadataFromNetwork](/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork). Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled**
|
||||
|
||||
1. **Find My Device**
|
||||
1. **Find My Device**
|
||||
1. MDM Policy: [Experience/AllowFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice). This policy turns on Find My Device. **Set to 0 (zero)**
|
||||
|
||||
1. **Font streaming**
|
||||
1. **Font streaming**
|
||||
1. MDM Policy: [System/AllowFontProviders](/windows/client-management/mdm/policy-csp-system#system-allowfontproviders). Setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. **Set to 0 (zero)**
|
||||
1. **Insider Preview builds**
|
||||
1. **Insider Preview builds**
|
||||
1. MDM Policy: [System/AllowBuildPreview](/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview). This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. **Set to 0 (zero)**
|
||||
|
||||
1. **Internet Explorer** The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](/windows/client-management/mdm/policy-csp-internetexplorer)
|
||||
@ -74,7 +74,7 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
|
||||
1. MDM Policy: [InternetExplorer/DisableHomePageChange](/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange). Determines whether users can change the default Home Page or not. **Set to String** with Value:
|
||||
1. **\<enabled/>\<data id=”EnterHomePagePrompt” value=”Start Page”/>**
|
||||
1. MDM Policy: [InternetExplorer/DisableFirstRunWizard](/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard). Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to String** with Value:
|
||||
1. **\<enabled/>\<data id=”FirstRunOptions” value=”1”/>**
|
||||
1. **\<enabled/>\<data id=”FirstRunOptions” value=”1”/>**
|
||||
|
||||
1. **Live Tiles**
|
||||
1. MDM Policy: [Notifications/DisallowTileNotification](/windows/client-management/mdm/policy-csp-notifications). This policy setting turns off tile notifications. If you enable this policy setting applications and system features won't be able to update their tiles and tile badges in the Start screen. **Integer value 1**
|
||||
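Review bot: The policy values in this hunk, `<data id=”EnterHomePagePrompt” value=”Start Page”/>` and `<data id=”FirstRunOptions” value=”1”/>`, use typographic quotes (”) instead of straight quotes ("). An administrator who copies the value into an OMA-URI string setting gets XML that will not parse. Replace the quotes with straight ASCII quotes and consider putting the values in inline code rather than bold.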
@ -101,8 +101,8 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
|
||||
1. MDM Policy: [EnableOfflineMapsAutoUpdate](/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate). Disables the automatic download and update of map data. **Set to 0 (zero)**
|
||||
|
||||
1. **OneDrive**
|
||||
1. MDM Policy: [DisableOneDriveFileSync](/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
|
||||
1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 or Windows 11 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (for example "18.162.0812.0001"). There's a folder named "adm" which contains the admx and adml policy definition files.
|
||||
1. MDM Policy: [DisableOneDriveFileSync](/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
|
||||
1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 or Windows 11 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (for example "18.162.0812.0001"). There's a folder named "adm" which contains the admx and adml policy definition files.
|
||||
1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is: **./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn**, Data type: **String**, Value: **\<enabled/>**
|
||||
|
||||
|
||||
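Review bot: In the "Ingest the ADMX" step, the path and the next sentence run together: "%LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build". Put the path in inline code and start a new sentence after it. The same applies to the OMA-URI in the following step, where the escaped tildes (`\~`) would be easier to copy correctly from a code span.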
@ -118,21 +118,21 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
|
||||
1. Account info - [Privacy/LetAppsAccessAccountInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo). Specifies whether Windows apps can access account information. **Set to 2 (two)**
|
||||
1. Contacts - [Privacy/LetAppsAccessContacts](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts). Specifies whether Windows apps can access contacts. **Set to 2 (two)**
|
||||
1. Calendar - [Privacy/LetAppsAccessCalendar](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar). Specifies whether Windows apps can access the calendar. **Set to 2 (two)**
|
||||
1. Call history - [Privacy/LetAppsAccessCallHistory](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory). Specifies whether Windows apps can access account information. **Set to 2 (two)**
|
||||
1. Email - [Privacy/LetAppsAccessEmail](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail). Specifies whether Windows apps can access email. **Set to 2 (two)**
|
||||
1. Messaging - [Privacy/LetAppsAccessMessaging](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging). Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)**
|
||||
1. Call history - [Privacy/LetAppsAccessCallHistory](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory). Specifies whether Windows apps can access account information. **Set to 2 (two)**
|
||||
1. Email - [Privacy/LetAppsAccessEmail](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail). Specifies whether Windows apps can access email. **Set to 2 (two)**
|
||||
1. Messaging - [Privacy/LetAppsAccessMessaging](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging). Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)**
|
||||
1. Phone calls - [Privacy/LetAppsAccessPhone](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone). Specifies whether Windows apps can make phone calls. **Set to 2 (two)**
|
||||
1. Radios - [Privacy/LetAppsAccessRadios](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios). Specifies whether Windows apps have access to control radios. **Set to 2 (two)**
|
||||
1. Other devices - [Privacy/LetAppsSyncWithDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices). Specifies whether Windows apps can sync with devices. **Set to 2 (two)**
|
||||
1. Radios - [Privacy/LetAppsAccessRadios](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios). Specifies whether Windows apps have access to control radios. **Set to 2 (two)**
|
||||
1. Other devices - [Privacy/LetAppsSyncWithDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices). Specifies whether Windows apps can sync with devices. **Set to 2 (two)**
|
||||
1. Other devices - [Privacy/LetAppsAccessTrustedDevices](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices). Specifies whether Windows apps can access trusted devices. **Set to 2 (two)**
|
||||
1. Feedback & diagnostics - [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry). Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)**
|
||||
1. Feedback & diagnostics - [Experience/DoNotShowFeedbackNotifications](/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications). Prevents devices from showing feedback questions from Microsoft. **Set to 1 (one)**
|
||||
1. Feedback & diagnostics - [Experience/DoNotShowFeedbackNotifications](/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications). Prevents devices from showing feedback questions from Microsoft. **Set to 1 (one)**
|
||||
1. Background apps - [Privacy/LetAppsRunInBackground](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground). Specifies whether Windows apps can run in the background. **Set to 2 (two)**
|
||||
1. Motion - [Privacy/LetAppsAccessMotion](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion). Specifies whether Windows apps can access motion data. **Set to 2 (two)**
|
||||
1. Tasks - [Privacy/LetAppsAccessTasks](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks). Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)**
|
||||
1. App Diagnostics - [Privacy/LetAppsGetDiagnosticInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo). Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
|
||||
1. App Diagnostics - [Privacy/LetAppsGetDiagnosticInfo](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo). Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
|
||||
1. **Software Protection Platform** - [Licensing/DisallowKMSClientOnlineAVSValidation](/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation). Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)**
|
||||
1. **Storage Health** - [Storage/AllowDiskHealthModelUpdates](/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates). Allows disk health model updates. **Set to 0 (zero)**
|
||||
1. **Storage Health** - [Storage/AllowDiskHealthModelUpdates](/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates). Allows disk health model updates. **Set to 0 (zero)**
|
||||
1. **Sync your settings** - [Experience/AllowSyncMySettings](/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings). Control whether your settings are synchronized. **Set to 0 (zero)**
|
||||
1. **Teredo** - No MDM needed. Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
|
||||
1. **Wi-Fi Sense** - No MDM needed. Wi-Fi Sense is no longer available from Windows 10 version 1803 and later or Windows 11.
|
||||
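Review bot: The Call history item (Privacy/LetAppsAccessCallHistory) is described as "Specifies whether Windows apps can access account information", which is the Account info description repeated, and both copies of the line in this hunk carry it. Suggest "Specifies whether Windows apps can access call history." while these lines are being touched. The Tasks item ("Turn off the ability to choose which apps have access to tasks") is also worded differently from the "Specifies whether Windows apps can ..." pattern used by its neighbours and could be aligned with them.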
@ -162,7 +162,7 @@ For Windows 10 and Windows 11, the following MDM policies are available in the [
|
||||
### <a href="" id="bkmk-mdm-allowedtraffic"></a> Allowed traffic for Microsoft Intune / MDM configurations
|
||||
|
||||
|**Allowed traffic endpoints**
|
||||
| --- |
|
||||
| --- |
|
||||
|activation-v2.sls.microsoft.com/*|
|
||||
|cdn.onenote.net|
|
||||
|client.wns.windows.com|
|
||||
|
@ -104,8 +104,8 @@ Alternatively, your administrators can also choose to use Windows Autopilot. Win
|
||||
|
||||
You can use the following articles to learn more about Windows Autopilot and how to use Windows Autopilot to deploy Windows:
|
||||
|
||||
- [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
|
||||
- [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
|
||||
- [Overview of Windows Autopilot](/autopilot/overview)
|
||||
- [Windows Autopilot deployment process](/autopilot/deployment-process)
|
||||
|
||||
#### _2.3.2 Managing Windows connected experiences and essential services_
|
||||
|
||||
|
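Review bot: The two Autopilot links appear here in both the /windows/deployment/windows-Autopilot/... form and the /autopilot/... form, but nothing in the hunk shows that the former path redirects to the latter. Before merging, confirm that /autopilot/overview and /autopilot/deployment-process resolve, and check whether other articles in this repo still point at the /windows/deployment/windows-Autopilot/ paths so that they can be updated in the same change.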
Binary file not shown.
Before Width: | Height: | Size: 63 KiB After Width: | Height: | Size: 64 KiB |
@ -103,7 +103,7 @@ The features in this article are no longer being actively developed, and might b
|
||||
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
|
||||
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|
||||
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|
||||
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
|
||||
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report. All other **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of: </br> - Windows 11 </br> - Windows 10, version 21H2, or later | 1709 |
|
||||
|System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software publisher. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 |
|
||||
|TLS RC4 Ciphers |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 |
|
||||
|Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
|
||||
|
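Review bot: The "Sync your settings" row keeps the label "(updated: August 17, 2017)" in both versions, although one of them carries the extra sentence about no longer supporting the Device Syncing Settings and App Data report. Suggest updating the date in the label when the row text changes, so readers can tell when the support statement was last revised. The row also uses "</br>" for line breaks, which is not a valid tag; "<br>" or "<br/>" would be safer.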