From 1ba1cc0f48a62e2b305b577e88a85a896c92d764 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Mon, 13 Aug 2018 18:34:22 +0000
Subject: [PATCH] Merged PR 10570: TenantLockdown CSP - new configuration
 service provider

---
 windows/client-management/mdm/TOC.md          |   2 +
 ...onfiguration-service-provider-reference.md |  28 +++++++
 .../provisioning-csp-tenantlockdown.png       | Bin 0 -> 3586 bytes
 .../mdm/tenantlockdown-csp.md                 |  39 +++++++++
 .../mdm/tenantlockdown-ddf.md                 |  75 ++++++++++++++++++
 .../mdm/win32compatibilityappraiser-csp.md    |   2 +-
 6 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png
 create mode 100644 windows/client-management/mdm/tenantlockdown-csp.md
 create mode 100644 windows/client-management/mdm/tenantlockdown-ddf.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index 21553dfee9..10bf5bf5c8 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -295,6 +295,8 @@
 #### [SUPL DDF file](supl-ddf-file.md)
 ### [SurfaceHub CSP](surfacehub-csp.md)
 #### [SurfaceHub DDF file](surfacehub-ddf-file.md)
+### [TenantLockdown CSP](tenantlockdown-csp.md)
+#### [TenantLockdown DDF file](tenantlockdown-ddf.md)
 ### [TPMPolicy CSP](tpmpolicy-csp.md)
 #### [TPMPolicy DDF file](tpmpolicy-ddf-file.md)
 ### [UEFI CSP](uefi-csp.md)
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index cd6b862e43..6d0e3eb4c0 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2165,6 +2165,34 @@ Footnotes:
 <!--EndSKU-->
 <!--EndCSP-->
 
+<!--StartCSP-->
+[TenantLockdown CSP](tenantlockdown-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
 <!--StartCSP-->
 [TPMPolicy CSP](tpmpolicy-csp.md)  
 
diff --git a/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png b/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png
new file mode 100644
index 0000000000000000000000000000000000000000..e788aebb522e5026c8ea0bb16f63165a0e650983
GIT binary patch
literal 3586
zcma)9XHXN&77ZW)QE7Inpn~*Bq)U?`AOxf%#Y7+|C6v&SUV|tiU_uEI_(XaORk}1u
zLT^Tjh$i%+0TCkb;(Igi&-?RsW_QosJF|CZch9-IC^N|2GaP&z007{Op@FVB0KlZn
zz>nFP87(kP=rN;XLYm*b1E?GlSYa3^+_X)!0f3s+Q-5Hr4Ev;yfgKV6;Ozcenfkqp
zT^KW=4Ry6GgPk_8ho+X~%l-RX2Rigvl%^+NIy~LPIps;<_*^kcfm~rf{c>uf57E-{
zV9kA%*Y14u9j1p`Q0mZ?MQO?8;x&2pdlDyZBpCawAe}bbmU5eefEYFK_Vyu_AGtJ3
z`{^)5YhL11M)FOGus;&%JgseP38dE7*Xxxqis9qL#|XrWB2QOWy<yQhwR5Lv>+9<u
zmwi;zR}CA}I@&{4J@>@7U-)<&U(c@9sOl#c^@$6`t~wU5W0sbd+VUqR)s{>fgr9B^
zh8M7FS7pLXgM_Y^c7!RL-#E8(LdTf$;r5YdxpVdYW1>CeL8sd1$n{`vpJJ|ix4i8@
zsW0Y^52kRrx1&NZh>^A|*=>@o2x<5s<mouwMw|r-DSEdVoj+4nRu)PSaT){3NlW{`
ztyDpB(P%#!f)e!Q-N!`WV<4_MnudG$OxABcmGpxr>H%F6#v_?~4>#C7)?Oby1B0t3
zT6J=-LGyBQJT^MM8;1-&73ny#XutobWn$t|0706ZETw;wT}Pn&Zrp^jq6A^^cUX2&
ziLNSoH2!_a!c&XASB?b^J4l16o$3u&3-<#N2rpyl6i7hpmT^eMEXE$UzIp%S0Lz-C
z!G|eF2~tFy$a9Fd=+MerLzX*s@_|}H!plx$yZ2^ujB-m8yx*#!(P%56mghC-ui6!z
z>0in;NB(CDCSWM@73@T}m+Rpr9?9=Leye@W6aHPrVrbW;zH6=FP>rC%9~7=HWv8P)
z73Z7XI30R8<T6dDbB~86#VO{2HvU{tIAj}*GQN)?CbdLKEB!u+^Am6B7r<O?c}4Wr
zua{SmP6mB>yja0e661J7M=}O~qUJips(a^(eyX!7>lImdTRXcIT4?S-Wg4p=5Iz+n
z7QBtCxgHTw$^Yqw^m8{T-eKCN*!~ZjBTDQb!(y;eFkgQtWn43m9i7TDkzb$SEsQa(
z+Y%mf4dBpnn9$n7E(>OW$@RYXf&9cb`<|ZKkk@6!!4j*9-lef(kZ`;d%~rX|6|?tZ
z1QK^d1VOs0%NIUK%Wymoi+e14(nc|ng=9u4{pK8aLX(L%WA<yd*g_p>+b}7bEE2c|
zYKa%|dyfM}8DQdFw^tt+aoam%eqaX8e_n)U?RZxm&1P+t&QOdV$d&4*)zrP0LM}*F
zk@R@@J`No0SKpB)^~tw0Hg$$JK-&_xWE_VjQPTuf$0?sTrsNQ&L!4+lA{Cx0^iv1I
z4YM~Ls#clO7cECJwG6n<F(G~9#QYXNEfeDG1lUHCi+8ZSo|{cQCGJh)a}7;R#qxkh
zSDF4YiNOx+er3!VjPpf%!x);9B#b;2+4t*fN~{XhcIsR|6Uk)&?-xwG5u+k`=afpU
zc`aVvV<Ns=b>;;8&pVz<UQkB}O$;e#MLZt5d~EjKvGwrkY;8_x2PT_Pwvwo9*lAq4
z!6vhQK0qy$ez!?)TqXxG>rc0)ar(YW$hvjpd0H4w-C*3Y(=K5@cnm5zU}E8WKHrI(
zU(_xGXrQ#G<7*iDR^*P0&bmvNap*0LgAHtl@DuXdKg_L#;RWHE6$8J0SiPG;=}v8g
zclcN|eQ09i?2yl$qRHQu{dDz}hOZ76OsCh+Gl5qIbCkefu+Cnqb`{P%zyA0Y&9(CM
zA1j-0Rl{x((@!TQmSEWmwP+Itb+*MRjs=e~Eay2`jpCb|RStJoQzp=1HCv=^XPdm`
z=~i7lFd-<1&`GjQbvjIi9yJLHuf=27K`ihj6aWlO_<tdx^R}jD)lt~O$K`DwS>nJn
z+a@n5F-ITk2Nc2u8(S!<s~;ZhdZ?$3$eP_EF@z>H@AkI*%8M@euJ9g1*KUut<I;~u
z0=GMRr?_N~dnMc!#<6#w5M<|${y?bKR0Q8c-nx6|m}ot;AJN8JZrH@N?ZXzIF^$0R
zhZb8G=gl~T;c&TA482tdHBbvG<hcZ<jlOO~gbMDj7^;tR-;D>AZ7u(kcuSlMDpbV3
zvl|^5<JQLkYd?nm9*>M%Z~>48dcf^Rc{R6478W6)ZWNNbbX#=QoXqEs@R<Vx;=F$#
z_rrRkIWs)_LH2@fN6#=h>O+uvyLJ0w72b^%yuVnXsTuae(nPbzkeQm5l|>A9%at%C
zD9r1j)>GIqg2L|`#IaqABr|4e+UVEx4K^&p8x_L;UMj!~2Ge#0^yo8FOA#x4toVIy
zA<!Gl$-n@xlGjXdIKD_o2}u2@vEe7!z-N$`NgpNC@4fnu;;1%ubHfsIzO95s^WFF<
z{<8XbYWFMt;-|6996oCs8#ejyAs6vwQH*N={knd#6u=+&%vwLB8pPMuI~jC0C5D`=
zJu&^Und0Z52}pM-EBYW8rBZ}M+7B4JtC}jVCOMNqtI51diuP_L2^0#&eg)!Id$tZ&
z5`k*5l1zK!bU-TpiD9#0JNkGql*9vS!Jgs^cNqMXLD6!K`R=3qu80hCSgI8ckbCp;
zJ4bmb>&4o9oR+A@XnUkGdQt-5d%v4NFv3lLGY*V-5tB6~OmsCTKQULw6z=n|4CFg6
z2RQWwREmyDRTpddCj0pYlxjc|B+Yg5%`WX6U<V*06l-ed%@S!tPQqG)yqk+=m)(Ct
z`j<C*kxGJ#;q9a1xsnr{)L~UF&Cs7(?*Kh|4BaAI?gl0!VXq}T&~X%=63;H_&QIJV
zU>gspEaK0llmlx|OIbP>8?VCdjRH2h5{xO>7n|;C6Vg?UXv!eO+wg?xq3E;E`_P&T
zv9q(+phY>i=1Q^q5Q1oqqyKd<Gr%>owx&cHt!rg*G~XmZ(r^rQC=9VJPP1q*Qz8VI
zAg^3*E)`C>^DWu=Y-`g{0La=K*8N+`=<`lr^1M?CBl8$^wpLe<WWJ}8lt`1p_3i5Z
z!xrOQzOSOPZsigeY340Gg0X`%8qIxP1TqF1*RiRZex7<0uN09wXv+s5OT~k|SWJdy
zyK|q`Q7U%kq8Y?cr*O-~gVOtOn(dz>=LZ0o#FdJlopb+A`?Vs0wNNn=NLy>>W)IyB
zQWRwRa93b&^GuA(ydO+VMow;grZmrgW@V^wl1`@uZhOlf|D2QR@ZnI|51vs&BO*00
z&9oh|a$Y4_iW&a4x3~8Ps^3YG5+W2mI9zck*r7^au*Eld{h(<TrHUaQUjwVFJ2IXw
z|J*4*e+n<boP*nhkT%t5+ug5E9%iGrb=ywWi(u?HX2!KhCooLl9^I(RARXiX7dD$?
z7|DN&vdOtr3v!UN0GbOiQ;lGGSnT1n77g|5@V|p6pzWb-UzP#W;~CM65ZwZ&8PP~R
zf1&YT$Ul=4y{^GR6$Ie%jgThIut%@$zc<m@GHYg$L=G|cvjq=S`KTs(Z)FLMEs;<Z
z{w7^m4_o><LMJLDu~T5(`g%~KQT9?rw`UO*SVKPNnByA{vJX2<+mPup!qqPsSaUMC
zZKcOT#R8G%VV`ncFPZe1zN}Z{gWs=UZ+=s~W2Y*6^KMkL{^xxVQLp~@zD#JCk=h(q
z&?f*_S85#SW{KRrc3C|R!8?cY^VPxYS~kcHJ{U>KbFLgcGufp2ZNE3k$m*p>IpR^^
zdEcuqZ<^JQx%Jiri1_Wi(STN_og-~U&~^yhp4T@8LIa!kgon74B>KgZNq#ut!fd-r
zKc#;}jS03G6Zm2Rdv@G;PYh8pW3q?x+sxH`Jfv2`YPLi6wDU7|D+jE0EutWYSo!Cx
zZpe=5WHpEByxgN<AZRTt&VK|sT9OpO`xB8EvfRtt<<P8o^y}zt&SablDd9?x7jK+I
zGv(g9S*JxsW~8k+f*p_Q(7KHEEYGiIH;lfEmOz`RSza}G0=}(gIq8zpr*LZU>m#{`
z`X2RT);2ZTm@`qmZz7h4N>)P}yNwU(=oEB#h}+w_a*ulXXa4?EXJe7DG$beBEAf-3
zqWrwrHAIrA!Sbg9f1NY&y^|>P1d2UjDA~QBImIg-M2sfoB=Ni1epw~25E?5j4$74S
zQJLtfYyefT=yRK!Vy&)_J*sRYBT=PM0aKXZgE{AD0^uL-=JztVpl}_u%2y(_>-1pq
zW=w`G3%Ko^*YkWOAo9MYc794J<1m4wr<Q7%XSI0c0n68GO3&rX7T?HlA=kMf5k&Wi
zd<)*`5hKKatrJMv$-MJkiGu+)Wqhk2!G8u{dBOJyj1{(|m>*%L-&uS1xXA3l^Si*l
z921SxLI!3{e1p^1(EA(_=$_z;%B)X@*~zYE#AgYp$BpW~zcEMbr`lY&c!{(00V`8_
zEC$=6B~5yN){dMsUT)S(O@AIeTSLgTLUV^qsZ%(!F-%DLQb|&#s;CDn0Z1BP2XzN1
zK_U84mn&NsuFq4T?w0N-mCH=<rp^C#XX9{tSBmEgZl54=|D|pW;~}BLeU=H%{z#PZ
fHIlAtKZ?wdK0e)GAFRmuw*d_GAi9-zpfUdfZo~b<

literal 0
HcmV?d00001

diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
new file mode 100644
index 0000000000..43449f403a
--- /dev/null
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -0,0 +1,39 @@
+---
+title: TenantLockdown CSP
+description: 
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/13/2018
+---
+
+# TenantLockdown CSP
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This CSP was added in Windows 10, next major version.
+
+The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes.
+
+> [!Note]  
+> The forced network connection is only applicable to devices after reset (not new).
+
+The following diagram shows the TenantLockdown configuration service provider in tree format.
+
+![TenantLockdown CSP diagram](images/provisioning-csp-tenantlockdown.png)
+
+<a href="" id="tenantlockdown"></a>**./Vendor/MSFT/TenantLockdown**  
+The root node.
+
+<a href="" id="requirenetworkinoobe"></a>**RequireNetworkInOOBE**  
+Specifies whether to require a network connection during the out-of-box experience (OOBE) at first logon.
+
+When RequireNetworkInOOBE is true, when the device goes through OOBE at first logon or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option.
+
+Value type is bool. Supported operations are Get and Replace.
+
+-  true - Require network in OOBE  
+-  false - No network connection requirement in OOBE
+
+Example scenario:  Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account.
\ No newline at end of file
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
new file mode 100644
index 0000000000..4c75123a3f
--- /dev/null
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -0,0 +1,75 @@
+---
+title: TenantLockdown DDF file
+description: XML file containing the device description framework
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: MariciaAlforque
+ms.date: 08/13/2018
+---
+
+# TenantLockdown DDF file 
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+This topic shows the OMA DM device description framework (DDF) for the **TenantLockdown** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+The XML below is for Windows 10, next major version.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
+        <NodeName>TenantLockdown</NodeName>
+        <Path>./Vendor/MSFT</Path>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.0/MDM/TenantLockdown</MIME>
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>RequireNetworkInOOBE</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>false</DefaultValue>
+            <Description>true - Require network in OOBE, false - no network connection requirement in OOBE</Description>
+            <DFFormat>
+              <bool />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 5efc199b30..5718fd4b66 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -16,7 +16,7 @@ ms.date: 07/19/2018
 
 The Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telementry health. This CSP was added in Windows 10, next major version.
 
-The following diagram shows the Storage configuration service provider in tree format.
+The following diagram shows the Win32CompatibilityAppraiser configuration service provider in tree format.
 
 ![Win32CompatibilityAppraiser CSP diagram](images/provisioning-csp-win32compatibilityappraiser.png)