From 2172f288d1d8851dffcce22c08ce253cf45e7d04 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 17 Feb 2023 18:31:39 -0500 Subject: [PATCH] Fix issues --- windows/client-management/mdm/defender-csp.md | 4 +- windows/client-management/mdm/laps-csp.md | 2 +- .../client-management/mdm/remotelock-csp.md | 199 ------------------ .../mdm/remotelock-ddf-file.md | 149 ------------- windows/client-management/mdm/toc.yml | 5 - 5 files changed, 3 insertions(+), 356 deletions(-) delete mode 100644 windows/client-management/mdm/remotelock-csp.md delete mode 100644 windows/client-management/mdm/remotelock-ddf-file.md diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 2975f06a35..b2d815dd03 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -633,7 +633,7 @@ Control Device Control default enforcement. This is the enforcement applied if t -Follow the instructions provided here: +Follow the instructions provided here: @@ -748,7 +748,7 @@ Follow the instructions provided here: -Follow the instructions provided here: +Follow the instructions provided here: diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index acc2c04bb2..2e45d80cfd 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -807,7 +807,7 @@ This setting has a maximum allowed value of 24 hours. -# Settings Applicability +## Settings Applicability The LAPS CSP can be used to manage devices that are either joined to Azure AD or joined to both Azure AD and Active Directory (hybrid-joined). The LAPS CSP manages a mix of AAD-only and AD-only settings. The AD-only settings are only applicable for hybrid-joined devices, and then only when BackupDirectory is set to 2. diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md deleted file mode 100644 index 3f7799438c..0000000000 --- a/windows/client-management/mdm/remotelock-csp.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: RemoteLock CSP -description: Learn more about the RemoteLock CSP. -author: vinaypamnani-msft -manager: aaroncz -ms.author: vinpa -ms.date: 02/17/2023 -ms.localizationpriority: medium -ms.prod: windows-client -ms.technology: itpro-manage -ms.topic: reference ---- - - - - -# RemoteLock CSP - - - - - - -The following example shows the RemoteLock configuration service provider in tree format. - -```text -./Device/Vendor/MSFT/RemoteLock ---- Lock ---- LockAndRecoverPIN ---- LockAndResetPIN ---- NewPINValue -``` - - - -## Lock - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | - - - -```Device -./Device/Vendor/MSFT/RemoteLock/Lock -``` - - - - -Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed here in the protocol specification. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | null | -| Access Type | Exec, Get | - - - - - - - - - -## LockAndRecoverPIN - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | - - - -```Device -./Device/Vendor/MSFT/RemoteLock/LockAndRecoverPIN -``` - - - - -This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work. Executing this node requires a ticket from the Microsoft credential reset service. Additionally, the execution of this setting is only supported when the EnablePinRecovery policy is set on the client. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | null | -| Access Type | Exec, Get | - - - - - - - - - -## LockAndResetPIN - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | - - - -```Device -./Device/Vendor/MSFT/RemoteLock/LockAndResetPIN -``` - - - - -This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the Exec operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | null | -| Access Type | Exec, Get | - - - - - - - - - -## NewPINValue - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1511 [10.0.10586] and later | - - - -```Device -./Device/Vendor/MSFT/RemoteLock/NewPINValue -``` - - - - -This setting contains the PIN after Exec has been called on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin. If LockAndResetPIN or LockAndResetPIN has never been called, the value will be null. If Get is called on this node after a successful Exec call on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin, then the new PIN will be provided. If another Get command is called on this node, the value will be null. If you need to reset the PIN again, then another LockAndResetPIN Exec can be communicated to the device to generate a new PIN. The PIN value will conform to the minimum PIN complexity requirements of the merged policies that are set on the device. If no PIN policy has been set on the device, the generated PIN will conform to the default policy of the device. A Get operation on this node must follow an Exec operation on the /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin node in the proper order and in the same SyncML message. The Sequence tag can be used to guarantee the order in which commands are processed. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | chr (string) | -| Access Type | Get | - - - - - - - - - - - - - - -## Related articles - -[Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/remotelock-ddf-file.md b/windows/client-management/mdm/remotelock-ddf-file.md deleted file mode 100644 index e3072a93ef..0000000000 --- a/windows/client-management/mdm/remotelock-ddf-file.md +++ /dev/null @@ -1,149 +0,0 @@ ---- -title: RemoteLock DDF file -description: View the XML file containing the device description framework (DDF) for the RemoteLock configuration service provider. -author: vinaypamnani-msft -manager: aaroncz -ms.author: vinpa -ms.date: 02/17/2023 -ms.localizationpriority: medium -ms.prod: windows-client -ms.technology: itpro-manage -ms.topic: reference ---- - - - -# RemoteLock DDF file - -The following XML file contains the device description framework (DDF) for the RemoteLock configuration service provider. - -```xml - -]> - - 1.2 - - - - RemoteLock - ./Device/Vendor/MSFT - - - - - - - - - - - - - - - - - - 10.0.10586 - 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD; - - - - Lock - - - - - - Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed here in the protocol specification - - - - - - - - - - - - - - - - LockAndResetPIN - - - - - - This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the Exec operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. - - - - - - - - - - - - - - - - LockAndRecoverPIN - - - - - - This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work. Executing this node requires a ticket from the Microsoft credential reset service. Additionally, the execution of this setting is only supported when the EnablePinRecovery policy is set on the client. - - - - - - - - - - - - - - 10.0.15063 - 1.0 - - - - - NewPINValue - - - - - This setting contains the PIN after Exec has been called on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin. If LockAndResetPIN or LockAndResetPIN has never been called, the value will be null. If Get is called on this node after a successful Exec call on /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin, then the new PIN will be provided. If another Get command is called on this node, the value will be null. If you need to reset the PIN again, then another LockAndResetPIN Exec can be communicated to the device to generate a new PIN. The PIN value will conform to the minimum PIN complexity requirements of the merged policies that are set on the device. If no PIN policy has been set on the device, the generated PIN will conform to the default policy of the device. A Get operation on this node must follow an Exec operation on the /RemoteLock/LockAndResetPIN or /RemoteLock/LockAndRecoverPin node in the proper order and in the same SyncML message. The Sequence tag can be used to guarantee the order in which commands are processed. - - - - - - - - - - - - - - - - -``` - -## Related articles - -[RemoteLock configuration service provider reference](remotelock-csp.md) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index dafc80cf73..a83a0d85fa 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -835,11 +835,6 @@ items: items: - name: RemoteFind DDF file href: remotefind-ddf-file.md - - name: RemoteLock - href: remotelock-csp.md - items: - - name: RemoteLock DDF file - href: remotelock-ddf-file.md - name: RemoteWipe href: remotewipe-csp.md items: