deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Freshness - EDU content

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-09-11 07:43:34 -04:00
parent 595d206cb9
commit 24025ce7ef
3 changed files with 45 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
education/windows/federated-sign-in.md
View File

@ -1,13 +1,12 @@
---
title: Configure federated sign-in for Windows devices
description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
ms.date: 05/01/2023
description: Learn about federated sign-in in Windows how to configure it.
ms.date: 09/11/2023
ms.topic: how-to
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
ms.collection:
- highpri
- tier1
- education
---
@ -77,21 +76,25 @@ To use web sign-in with a federated identity provider, your devices must be conf
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
[!INCLUDE [intune-settings-catalog-1](../../includes/configure/intune-settings-catalog-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Category | Setting name | Value |
|--|--|--|
| Education | Is Education Environment | Enabled |
| Federated Authentication | Enable Web Sign In For Primary User | Enabled |
| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the following settings:
| Setting |
|--------|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
:::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true":::
[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`<br>**Data type**: int<br>**Value**: `1`|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser`<br>**Data type**: int<br>**Value**: `1`|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`<br>**Data type**: String <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** <br>**Data type**: String <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
@ -99,10 +102,10 @@ To configure federated sign-in using a provisioning package, use the following s
| Setting |
|--------|
| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
| <li> Path: **`FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Value: **Enabled**</li>|
| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
| **Path**: `Education/IsEducationEnvironment` <br>**Value**: Enabled|
| **Path**: `FederatedAuthentication/EnableWebSignInForPrimaryUser` <br>**Value**: Enabled|
| **Path**: `Policies/Authentication/ConfigureWebSignInAllowedUrls` <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
| **Path**: `Policies/Authentication/ConfigureWebCamAccessDomainNames` <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
:::image type="content" source="images/federated-sign-in-settings-ppkg.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-ppkg.png" border="true":::
@ -119,20 +122,27 @@ To use web sign-in with a federated identity provider, your devices must be conf
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
[!INCLUDE [intune-settings-catalog-1](../../includes/configure/intune-settings-catalog-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Category | Setting name | Value |
|--|--|--|
| Education | Is Education Environment | Enabled |
| SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
| Authentication | Enable Web Sign In | Enabled |
| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the following settings:
| Setting |
|--------|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Data type: **Boolean** </li><li>Value: **True**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`<br>**Data type**: int<br>**Value**: `1`|
| **OMA-URI**: `./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`<br>**Data type**: Boolean<br>**Value**: True|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn`<br>**Data type**: Integer<br>**Value**: `1`|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`<br>**Data type**: String <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`<br>**Data type**: String <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
@ -140,11 +150,11 @@ To configure federated sign-in using a provisioning package, use the following s
| Setting |
|--------|
| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
| <li> Path: **`SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Value: **True**</li>|
| <li> Path: **`Policies/Authentication/EnableWebSignIn`** </li><li>Value: **Enabled**</li>|
| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
| <li> Path: **`Education/IsEducationEnvironment`**<br>Value: **Enabled**|
| <li> Path: **`SharedPC/EnableSharedPCModeWithOneDriveSync`**<br>Value: **True**|
| <li> Path: **`Policies/Authentication/EnableWebSignIn`**<br>Value: **Enabled**|
| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`**<br>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**|
| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`**<br>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**|
Apply the provisioning package to the shared devices that require federated sign-in.
@ -245,7 +255,7 @@ Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@exa
[GRAPH-1]: /graph/api/user-post-users?tabs=powershell
[EXT-1]: https://support.clever.com/hc/s/articles/000001546
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[INT-1]: /mem/intune/configuration/custom-settings-windows-10
[MSFT-1]: https://www.microsoft.com/download/details.aspx?id=56843

3
education/windows/get-minecraft-for-education.md
View File

@ -2,9 +2,8 @@
title: Get and deploy Minecraft Education
description: Learn how to obtain and distribute Minecraft Education to Windows devices.
ms.topic: how-to
ms.date: 02/23/2023
ms.date: 09/11/2023
ms.collection:
- highpri
- education
- tier2
---

BIN
education/windows/images/federated-sign-in-settings-intune.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 102 KiB