mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 13:23:36 +00:00
Merge pull request #780 from MicrosoftDocs/medgar-working
Medgar working
This commit is contained in:
Dani Halfin
GitHub
@ -95,7 +95,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|
||||
1. **OneDrive**
|
||||
1. MDM Policy: [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
|
||||
1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001"). There is a folder named "adm" which contains the admx and adml policy definition files.
|
||||
1. MDM Policy: Prevent Network Traffic before User SignIn. PreventNetworkTrafficPreUserSignIn. The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn, String, \<enabled/>
|
||||
1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn, **String, \<enabled/>**
|
||||
|
||||
1. **Privacy settings** Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
|
||||
1. General - [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection). This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)**
|
||||
@ -137,13 +137,13 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|
||||
1. **Microsoft Store**
|
||||
1. [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps). Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
|
||||
1. [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate). Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
|
||||
1 **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
|
||||
1. **Apps for websites** - [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers). This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
|
||||
1. **Windows Update Delivery Optimization** - The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
|
||||
1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
|
||||
1. **Windows Update**
|
||||
1. [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Control automatic updates. **Set to 5 (five)**
|
||||
1. Windows Update Allow Update Service - [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
|
||||
1. Windows Update Service URL - [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value next to item "a" below:
|
||||
1. Windows Update Service URL - [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value next to item below:
|
||||
1. \<Replace>\<CmdID>$CmdID$</CmdID>\<Item>\<Meta>\<Format>chr</Format>\<Type>text/plain</Type>\</Meta>\<Target> \<LocURI>./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl</LocURI>\</Target>\<Data>http://abcd-srv:8530</Data>\</Item>\</Replace>
|
||||
|
||||
### <a href="" id="bkmk-mdm-whitelist"></a> Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations
|
||||
|
||||
@ -67,7 +67,7 @@ The following table lists management options for each setting, beginning with Wi
|
||||
| [9. License Manager](#bkmk-licmgr) | | |  |
|
||||
| [10. Live Tiles](#live-tiles) | |  |  |
|
||||
| [11. Mail synchronization](#bkmk-mailsync) |  | |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | | |  |
|
||||
| [13. Microsoft Edge](#bkmk-edge) |  |  |  |
|
||||
| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
|
||||
| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
|
||||
@ -103,12 +103,11 @@ The following table lists management options for each setting, beginning with Wi
|
||||
| [22. Teredo](#bkmk-teredo) | |  |  |
|
||||
| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  |  |
|
||||
| [24. Windows Defender](#bkmk-defender) | |  |  |
|
||||
| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |
|
||||
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
|
||||
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
|
||||
| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  |  |
|
||||
| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
|
||||
| [28. Windows Update](#bkmk-wu) | |  |  |
|
||||
| [27. Apps for websites](#bkmk-apps-for-websites) | |  |  |
|
||||
| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
|
||||
| [29. Windows Update](#bkmk-wu) | |  |  |
|
||||
|
||||
|
||||
### Settings for Windows Server 2016 with Desktop Experience
|
||||
@ -125,17 +124,16 @@ See the following table for a summary of the management settings for Windows Ser
|
||||
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |
|
||||
| [8. Internet Explorer](#bkmk-ie) |  |  |  |
|
||||
| [10. Live Tiles](#live-tiles) | |  |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | | |  |
|
||||
| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
|
||||
| [16. OneDrive](#bkmk-onedrive) | |  |  |
|
||||
| [18. Settings > Privacy](#bkmk-settingssection) | | | |
|
||||
| [18.1 General](#bkmk-general) |  |  |  |
|
||||
| [19. Software Protection Platform](#bkmk-spp) | |  |  |
|
||||
| [22. Teredo](#bkmk-teredo) | |  |  |
|
||||
| [24. Windows Defender](#bkmk-defender) | |  |  |
|
||||
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
|
||||
| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  |  |
|
||||
| [28. Windows Update](#bkmk-wu) | |  |  |
|
||||
| [27. Apps for websites](#bkmk-apps-for-websites) | |  |  |
|
||||
| [29. Windows Update](#bkmk-wu) | |  |  |
|
||||
|
||||
### Settings for Windows Server 2016 Server Core
|
||||
|
||||
@ -150,7 +148,7 @@ See the following table for a summary of the management settings for Windows Ser
|
||||
| [19. Software Protection Platform](#bkmk-spp) |  |  |
|
||||
| [22. Teredo](#bkmk-teredo) |  |  |
|
||||
| [24. Windows Defender](#bkmk-defender) |  |  |
|
||||
| [28. Windows Update](#bkmk-wu) |  |  |
|
||||
| [29. Windows Update](#bkmk-wu) |  |  |
|
||||
|
||||
### Settings for Windows Server 2016 Nano Server
|
||||
|
||||
@ -161,7 +159,7 @@ See the following table for a summary of the management settings for Windows Ser
|
||||
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |
|
||||
| [3. Date & Time](#bkmk-datetime) |  |
|
||||
| [22. Teredo](#bkmk-teredo) |  |
|
||||
| [28. Windows Update](#bkmk-wu) |  |
|
||||
| [29. Windows Update](#bkmk-wu) |  |
|
||||
|
||||
### Settings for Windows Server 2019
|
||||
|
||||
@ -179,7 +177,7 @@ See the following table for a summary of the management settings for Windows Ser
|
||||
| [8. Internet Explorer](#bkmk-ie) |  |  |  |
|
||||
| [10. Live Tiles](#live-tiles) | |  |  |
|
||||
| [11. Mail synchronization](#bkmk-mailsync) |  | |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
|
||||
| [12. Microsoft Account](#bkmk-microsoft-account) | | |  |
|
||||
| [13. Microsoft Edge](#bkmk-edge) |  |  |  |
|
||||
| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
|
||||
| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
|
||||
@ -215,12 +213,11 @@ See the following table for a summary of the management settings for Windows Ser
|
||||
| [22. Teredo](#bkmk-teredo) | |  |  |
|
||||
| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  |  |
|
||||
| [24. Windows Defender](#bkmk-defender) | |  |  |
|
||||
| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |
|
||||
| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
|
||||
| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
|
||||
| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | |
|
||||
| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
|
||||
| [28. Windows Update](#bkmk-wu) | |  |  |
|
||||
| [27. Apps for websites](#bkmk-apps-for-websites) | |  | |
|
||||
| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
|
||||
| [29. Windows Update](#bkmk-wu) | |  |  |
|
||||
|
||||
## How to configure each setting
|
||||
|
||||
@ -1783,7 +1780,7 @@ On Windows Server 2016, this will block Microsoft Store calls from Universal Win
|
||||
|
||||
- Create a new REG_DWORD registry setting named **AutoDownload** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 2 (two).
|
||||
|
||||
### <a href="" id="bkmk-apps-for-websites"></a>26.1 Apps for websites
|
||||
### <a href="" id="bkmk-apps-for-websites"></a>27. Apps for websites
|
||||
|
||||
You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
|
||||
|
||||
@ -1793,7 +1790,7 @@ You can turn off apps for websites, preventing customers who visit websites that
|
||||
|
||||
- Create a new REG_DWORD registry setting named **EnableAppUriHandlers** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
|
||||
|
||||
### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization
|
||||
### <a href="" id="bkmk-updates"></a>28. Windows Update Delivery Optimization
|
||||
|
||||
Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
|
||||
|
||||
@ -1803,13 +1800,13 @@ Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization.
|
||||
|
||||
In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (100), as described below.
|
||||
|
||||
### <a href="" id="bkmk-wudo-ui"></a>27.1 Settings > Update & security
|
||||
### <a href="" id="bkmk-wudo-ui"></a>28.1 Settings > Update & security
|
||||
|
||||
You can set up Delivery Optimization from the **Settings** UI.
|
||||
|
||||
- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
|
||||
|
||||
### <a href="" id="bkmk-wudo-gp"></a>27.2 Delivery Optimization Group Policies
|
||||
### <a href="" id="bkmk-wudo-gp"></a>28.2 Delivery Optimization Group Policies
|
||||
|
||||
You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**.
|
||||
|
||||
@ -1821,7 +1818,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
|
||||
| Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size. <br /> The default value is 20, which represents 20% of the disk.|
|
||||
| Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity. <br /> The default value is 0, which means unlimited possible bandwidth.|
|
||||
|
||||
### <a href="" id="bkmk-wudo-mdm"></a>27.3 Delivery Optimization
|
||||
### <a href="" id="bkmk-wudo-mdm"></a>28.3 Delivery Optimization
|
||||
|
||||
- **Enable** the **Download Mode** Group Policy under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization** and set the **Download Mode** to **"Bypass"** to prevent traffic.
|
||||
|
||||
@ -1832,7 +1829,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
|
||||
|
||||
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
|
||||
|
||||
### <a href="" id="bkmk-wu"></a>28. Windows Update
|
||||
### <a href="" id="bkmk-wu"></a>29. Windows Update
|
||||
|
||||
You can turn off Windows Update by setting the following registry entries:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user