deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add networklistmanager csp

Browse Source
This commit is contained in:
Aaron Czechowski 2022-12-20 14:48:16 -08:00
parent ec9b1e7787
commit 2c4ef999a6
1 changed files with 89 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
windows/client-management/mdm/policy-csp-networklistmanager.md
View File

@ -1,111 +1,125 @@
--- ---
title: Policy CSP - NetworkListManager title: NetworkListManager Policy CSP
description: Policy CSP - NetworkListManager is a setting creates a new MDM policy. This setting allows admins to configure a list of URIs of HTTPS endpoints that are considered secure. description: Learn more about the NetworkListManager Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.topic: article ms.date: 12/20/2022
ms.localizationpriority: medium
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.localizationpriority: medium
ms.date: 12/16/2021
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- NetworkListManager-Begin -->
# Policy CSP - NetworkListManager # Policy CSP - NetworkListManager
<hr/> <!-- NetworkListManager-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- NetworkListManager-Editable-End -->
<!--Policies--> <!-- AllowedTlsAuthenticationEndpoints-Begin -->
## NetworkListManager policies ## AllowedTlsAuthenticationEndpoints
<dl> <!-- AllowedTlsAuthenticationEndpoints-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#networklistmanager-allowedtlsauthenticationendpoints">NetworkListManager/AllowedTlsAuthenticationEndpoints</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<dd> <!-- AllowedTlsAuthenticationEndpoints-Applicability-End -->
<a href="#networklistmanager-configuredtlsauthenticationnetworkname">NetworkListManager/ConfiguredTLSAuthenticationNetworkName</a>
</dd>
</dl>
<hr/> <!-- AllowedTlsAuthenticationEndpoints-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllowedTlsAuthenticationEndpoints
```
<!-- AllowedTlsAuthenticationEndpoints-OmaUri-End -->
<!--Policy--> <!-- AllowedTlsAuthenticationEndpoints-Description-Begin -->
<a href="" id="networklistmanager-allowedtlsauthenticationendpoints"></a>**NetworkListManager/AllowedTlsAuthenticationEndpoints** <!-- Description-Source-DDF -->
List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
<!-- AllowedTlsAuthenticationEndpoints-Description-End -->
<!--SupportedSKUs--> <!-- AllowedTlsAuthenticationEndpoints-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|Edition|Windows 10|Windows 11| When entering a list of TLS endpoints in Microsoft Intune, use the following format, even in the UI:
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
When entering a list of TLS endpoints in Microsoft Intune, you must follow this format, even in the UI:
`<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>` `<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>`
- The HTTPS endpoint must not have any more authentication checks, such as login or multi-factor authentication. - The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
- The HTTPS endpoint must be an internal address not accessible from outside the corporate network. - The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store. - The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
- A certificate shouldn't be a public certificate. - A certificate shouldn't be a public certificate.
<!-- AllowedTlsAuthenticationEndpoints-Editable-End -->
<hr/> <!-- AllowedTlsAuthenticationEndpoints-DFProperties-Begin -->
**Description framework properties**:
<!--Policy--> | Property name | Property value |
<a href="" id="networklistmanager-configuredtlsauthenticationnetworkname"></a>**NetworkListManager/ConfiguredTLSAuthenticationNetworkName** |:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `0xF000`) |
<!-- AllowedTlsAuthenticationEndpoints-DFProperties-End -->
<!--SupportedSKUs--> <!-- AllowedTlsAuthenticationEndpoints-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowedTlsAuthenticationEndpoints-Examples-End -->
|Edition|Windows 10|Windows 11| <!-- AllowedTlsAuthenticationEndpoints-End -->
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- ConfiguredTlsAuthenticationNetworkName-Begin -->
<hr/> ## ConfiguredTlsAuthenticationNetworkName
<!--Scope--> <!-- ConfiguredTlsAuthenticationNetworkName-Applicability-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
<!-- ConfiguredTlsAuthenticationNetworkName-Applicability-End -->
> [!div class = "checklist"] <!-- ConfiguredTlsAuthenticationNetworkName-OmaUri-Begin -->
> * Machine ```Device
./Device/Vendor/MSFT/Policy/Config/NetworkListManager/ConfiguredTlsAuthenticationNetworkName
```
<!-- ConfiguredTlsAuthenticationNetworkName-OmaUri-End -->
<hr/> <!-- ConfiguredTlsAuthenticationNetworkName-Description-Begin -->
<!-- Description-Source-DDF -->
The string will be used to name the network authenticated against one of the endpoints listed in AllowedTlsAuthenticationEndpoints policy
<!-- ConfiguredTlsAuthenticationNetworkName-Description-End -->
<!--/Scope--> <!-- ConfiguredTlsAuthenticationNetworkName-Editable-Begin -->
<!--Description--> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
This policy setting provides the string that is to be used to name a network. That network is authenticated against one of the endpoints that are listed in NetworkListManager/AllowedTlsAuthenticationEndpoints policy. If this setting is used for Trusted Network Detection in an _Always On_ VPN profile, it must be the DNS suffix that is configured in the TrustedNetworkDetection attribute.
<hr/> This policy setting provides the string that names a network. If this setting is used for Trusted Network Detection in an Always On VPN profile, it must be the DNS suffix that is configured in the TrustedNetworkDetection attribute.
<!--/Policies--> <!-- ConfiguredTlsAuthenticationNetworkName-Editable-End -->
<!-- ConfiguredTlsAuthenticationNetworkName-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ConfiguredTlsAuthenticationNetworkName-DFProperties-End -->
<!-- ConfiguredTlsAuthenticationNetworkName-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ConfiguredTlsAuthenticationNetworkName-Examples-End -->
<!-- ConfiguredTlsAuthenticationNetworkName-End -->
<!-- NetworkListManager-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- NetworkListManager-CspMoreInfo-End -->
<!-- NetworkListManager-End -->
## Related articles ## Related articles