Merge pull request #8539 from PeterSmithRedmond/patch-5

Update to include the 2004 'Direction' value

windows/client-management/mdm/vpnv2-csp.md

@@ -2,14 +2,14 @@
 title: VPNv2 CSP
 description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
 ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2
-ms.reviewer: 
+ms.reviewer: pesmith
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 11/01/2017
+ms.date: 10/30/2020
 ---
 
 # VPNv2 CSP
@@ -30,8 +30,8 @@ Here are the requirements for this CSP:
 
 The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
 
--   C:\\Windows\\schemas\\EAPHost
+- `C:\\Windows\\schemas\\EAPHost`
--   C:\\Windows\\schemas\\EAPMethods
+- `C:\\Windows\\schemas\\EAPMethods`
 
 The following diagram shows the VPNv2 configuration service provider in tree format.
 
@@ -45,7 +45,8 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu
 
 Supported operations include Get, Add, and Delete.
 
-> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
+> [!NOTE]
+> If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
 <a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/**<em>ProfileName</em>**/AppTriggerList**  
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
@@ -138,9 +139,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-webproxyservers"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/WebProxyServers**  
 Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet.
 
-> **Note**  Currently only one web proxy server is supported.
+> [!NOTE]
-
+> Currently only one web proxy server is supported.
- 
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -166,9 +166,8 @@ Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-trafficfilterlist"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList**  
 An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
 
-> **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
+> [!NOTE]
-
+> Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules.
- 
 
 When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other.
 
@@ -205,18 +204,16 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalPortRanges**  
 A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
 
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
+> [!NOTE]
-
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
- 
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
 <a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemotePortRanges**  
 A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
 
-> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17.
+> [!NOTE]
-
+> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
- 
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -240,6 +237,16 @@ This is only applicable for App ID based Traffic Filter rules.
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-direction"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/Direction**  
+Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following:
+
+- Outbound - The rule applies to all outbound traffic
+- nbound - The rule applies to all inbound traffic
+
+If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
+
+Value type is chr. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-edpmodeid"></a>**VPNv2/**<em>ProfileName</em>**/EdpModeId**  
 Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 
@@ -255,13 +262,14 @@ Supported operations include Get, Add, Replace, and Delete.
 <a href="" id="vpnv2-profilename-alwayson"></a>**VPNv2/**<em>ProfileName</em>**/AlwaysOn**  
 An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects.
 
-> **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
+> [!NOTE]
+> Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active.
 
 Preserving user Always On preference
 
 Windows has a feature to preserve a user’s AlwaysOn preference.  In the event that a user manually unchecks the “Connect    automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.  
 Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
-Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
+Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`
 Value: AutoTriggerDisabledProfilesList
 Type: REG_MULTI_SZ
 
@@ -450,7 +458,8 @@ Required for native profiles. Type of tunneling protocol used. This value can be
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
-> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
+> [!NOTE]
+> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. 
 
 <a href="" id="vpnv2-profilename-nativeprofile-authentication"></a>**VPNv2/**<em>ProfileName</em>**/NativeProfile/Authentication**  
 Required node for native profile. It contains authentication information for the native VPN profile.
@@ -1308,8 +1317,7 @@ Servers
       </Add>
 ```
 
-## Related topics
+## See also
-
 
 [Configuration service provider reference](configuration-service-provider-reference.md)