deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Acrolinx

Browse Source
This commit is contained in:
Siddarth Mandalika 2022-02-25 13:25:47 +05:30
parent ef85bd6ea0
commit 2e5c98fc28
5 changed files with 76 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
windows/client-management/mdm/enterpriseapn-csp.md
View File

@ -19,7 +19,7 @@ The EnterpriseAPN configuration service provider (CSP) is used by the enterprise
> [!Note]
> Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
The following shows the EnterpriseAPN configuration service provider in tree format.
The following example shows the EnterpriseAPN configuration service provider in tree format.
```
./Vendor/MSFT
EnterpriseAPN
@ -52,7 +52,7 @@ EnterpriseAPN
<p>Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="enterpriseapn-connectionname-iptype"></a>**EnterpriseAPN/*ConnectionName*/IPType**
<p>This value can be one of the following:</p>
<p>This value can be one of the following values:</p>
- IPv4 - only IPV4 connection type
- IPv6 - only IPv6 connection type
@ -67,12 +67,12 @@ EnterpriseAPN
<p>Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="enterpriseapn-connectionname-classid"></a>**EnterpriseAPN/*ConnectionName*/ClassId**
<p>GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.</p>
<p>GUID that defines the APN class to the modem. This GUID is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.</p>
<p>Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="enterpriseapn-connectionname-authtype"></a>**EnterpriseAPN/*ConnectionName*/AuthType**
<p>Authentication type. This value can be one of the following:</p>
<p>Authentication type. This value can be one of the following values:</p>
- None (default)
- Auto
@ -93,7 +93,7 @@ EnterpriseAPN
<p>Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="enterpriseapn-connectionname-iccid"></a>**EnterpriseAPN/*ConnectionName*/IccId**
<p>Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node is not present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.</p>
<p>Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.</p>
<p>Supported operations are Add, Get, Delete, and Replace.</p>

18
windows/client-management/mdm/enterpriseappmanagement-csp.md
View File

@ -21,7 +21,7 @@ The EnterpriseAppManagement enterprise configuration service provider is used to
> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core.
The following shows the EnterpriseAppManagement configuration service provider in tree format.
The following example shows the EnterpriseAppManagement configuration service provider in tree format.
```console
./Vendor/MSFT
@ -52,7 +52,7 @@ EnterpriseAppManagement
```
<a href="" id="enterpriseid"></a>***EnterpriseID***
Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications.
Optional. A dynamic node that represents the EnterpriseID as a GUID. It's used to enroll or unenroll enterprise applications.
Supported operations are Add, Delete, and Get.
@ -190,11 +190,11 @@ Supported operation is Exec.
### Install and Update Line of Business (LOB) applications
A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support a variety of file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section.
A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support various file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section.
### Uninstall Line of Business (LOB) applications
A workplace can also remotely uninstall Line of Business applications on the device. It is not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that are not installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section
A workplace can also remotely uninstall Line of Business applications on the device. It's not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that aren't installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section.
### Query installed Store application
@ -242,7 +242,7 @@ All node values under the ProviderID interior node represent the policy values t
- An Add or Replace command on those nodes returns success in both of the following cases:
- The value is actually applied to the device.
- The value is applied to the device.
- The value isnt applied to the device because the device has a more secure value set already.
@ -252,9 +252,9 @@ From a security perspective, the device complies with the policy request that is
- If a Replace command fails, the node value is set to be the previous value before Replace command was applied.
- If an Add command fails, the node is not created.
- If an Add command fails, the node isn't created.
The value actually applied to the device can be queried via the nodes under the DeviceValue interior node.
The value applied to the device can be queried via the nodes under the DeviceValue interior node.
## OMA DM examples
@ -303,7 +303,7 @@ Update the enrollment token (for example, to update an expired application enrol
</Replace>
```
Query all installed applications that belong to enterprise id “4000000001”:
Query all installed applications that belong to enterprise ID “4000000001”:
```xml
<Get>
@ -430,7 +430,7 @@ Response from the device (that contains two installed applications):
Install or update the installed app with the product ID “{B316008A-141D-4A79-810F-8B764C4CFDFB}”.
To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog.
To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application doesn't exist, the application will be silently installed without any user interaction. If the application can't be installed, the user will be notified with an Alert dialog.
> [!NOTE]
> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).

22
windows/client-management/mdm/enterprisedataprotection-csp.md
View File

@ -29,7 +29,7 @@ To learn more about WIP, see the following articles:
- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
The following shows the EnterpriseDataProtection CSP in tree format.
The following example shows the EnterpriseDataProtection CSP in tree format.
```console
./Device/Vendor/MSFT
@ -53,7 +53,7 @@ The root node for the CSP.
The root node for the Windows Information Protection (WIP) configuration settings.
<a href="" id="settings-edpenforcementlevel"></a>**Settings/EDPEnforcementLevel**
Set the WIP enforcement level. Note that setting this value is not sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running.
Set the WIP enforcement level. Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running.
The following list shows the supported values:
@ -67,7 +67,7 @@ Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-enterpriseprotecteddomainnames"></a>**Settings/EnterpriseProtectedDomainNames**
A list of domains used by the enterprise for its user identities separated by pipes (&quot;|&quot;).The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
Changing the primary enterprise ID is not supported and may cause unexpected behavior on the client.
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
> [!Note]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
@ -82,7 +82,7 @@ Here are the steps to create canonical domain names:
Supported operations are Add, Get, Replace, and Delete. Value type is string.
<a href="" id="settings-allowuserdecryption"></a>**Settings/AllowUserDecryption**
Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user will not be able to remove protection from enterprise content through the operating system or the application user experiences.
Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user won't be able to remove protection from enterprise content through the operating system or the application user experiences.
> [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
@ -97,7 +97,7 @@ Most restricted value is 0.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-datarecoverycertificate"></a>**Settings/DataRecoveryCertificate**
Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through mobile device management (MDM) instead of Group Policy.
Specifies a recovery certificate that can be used for data recovery of encrypted files. This certificate is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through mobile device management (MDM) instead of Group Policy.
> [!Note]
> If this policy and the corresponding Group Policy setting are both configured, the Group Policy setting is enforced.
@ -226,12 +226,12 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG {
} PUBLIC_KEY_SOURCE_TAG, *PPUBLIC_KEY_SOURCE_TAG;
```
For EFSCertificate KeyTag, it is expected to be a DER ENCODED binary certificate.
For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
<a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll**
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Prior to sending the unenroll command, when you want a device to do a selective wipe when it is unenrolled, then you should explicitly set this policy to 1.
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values:
@ -241,7 +241,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff**
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys
- 1 (default) - Revoke keys
@ -262,8 +262,8 @@ Specifies whether to allow Azure RMS encryption for WIP.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-smbautoencryptedfileextensions"></a>**Settings/SMBAutoEncryptedFileExtensions**
Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for <a href="policy-configuration-service-provider.md#networkisolation-enterpriseiprange" data-raw-source="[NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange)">NetworkIsolation/EnterpriseIPRange</a> and <a href="policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames" data-raw-source="[NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames)">NetworkIsolation/EnterpriseNetworkDomainNames</a>. Use semicolon (;) delimiter in the list.
When this policy is not specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted.
Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for <a href="policy-configuration-service-provider.md#networkisolation-enterpriseiprange" data-raw-source="[NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange)">NetworkIsolation/EnterpriseIPRange</a> and <a href="policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames" data-raw-source="[NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames)">NetworkIsolation/EnterpriseNetworkDomainNames</a>. Use semicolon (;) delimiter in the list.
When this policy isn't specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted.
Supported operations are Add, Get, Replace and Delete. Value type is string.
<a href="" id="settings-edpshowicons"></a>**Settings/EDPShowIcons**
@ -290,7 +290,7 @@ Bit 0 indicates whether WIP is on or off.
Bit 1 indicates whether AppLocker WIP policies are set.
Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies are not configured, the bit 3 is set to 0 (zero).
Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
Here&#39;s the list of mandatory WIP policies:

32
windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
View File

@ -17,9 +17,9 @@ ms.date: 07/11/2017
The EnterpriseDesktopAppManagement configuration service provider is used to handle enterprise desktop application management tasks, such as querying installed enterprise applications, installing applications, or removing applications.
Application installations can take some time to complete, hence they are done asynchronously. When the Exec command is completed, the client can send a generic alert to the management server with a status, whether it's a failure or success. For a SyncML example, see [Alert example](#alert-example).
Application installations can take some time to complete, hence they're done asynchronously. When the Exec command is completed, the client can send a generic alert to the management server with a status, whether it's a failure or success. For a SyncML example, see [Alert example](#alert-example).
The following shows the EnterpriseDesktopAppManagement CSP in tree format.
The following example shows the EnterpriseDesktopAppManagement CSP in tree format.
```
./Device/Vendor/MSFT
@ -66,9 +66,9 @@ Installation date of the application. Value type is string. Supported operation
<a href="" id="msi-productid-downloadinstall"></a>**MSI/*ProductID*/DownloadInstall**
Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get.
In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.
In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.
Here is an example:
Here's an example:
```xml
<Enforcement>
@ -99,12 +99,12 @@ Status of the application. Value type is string. Supported operation is Get.
<a href="" id="msi-productid-lasterror"></a>**MSI/*ProductID*/LastError**
The last error code during the application installation process. This is typically stored as an HRESULT format. Depending on what was occurring when the error happened, this could be the result of executing MSIExec.exe or the error result from an API that failed.
The last error code during the application installation process. This error code is typically stored as an HRESULT format. Depending on what was occurring when the error happened, this error could be the result of executing MSIExec.exe or the error result from an API that failed.
Value type is string. Supported operation is Get.
<a href="" id="msi-productid-lasterrordesc"></a>**MSI/*ProductID*/LastErrorDesc**
Contains the last error code description. The LastErrorDesc value is looked up for the matching LastError value. Sometimes there is no LastErrorDesc returned.
Contains the last error code description. The LastErrorDesc value is looked up for the matching LastError value. Sometimes there's no LastErrorDesc returned.
Value type is string. Supported operation is Get.
@ -112,7 +112,7 @@ Value type is string. Supported operation is Get.
Added in the March service release of Windows 10, version 1607.
<a href="" id="msi-upgradecode"></a>**MSI/UpgradeCode/_Guid_**
Added in the March service release of Windows 10, version 1607. A gateway (or device management server) uses this method to detect matching upgrade MSI product when a Admin wants to update an existing MSI app. If the same upgrade product is installed, then the update is allowed.
Added in the March service release of Windows 10, version 1607. A gateway (or device management server) uses this method to detect matching upgrade MSI product when an administrator wants to update an existing MSI app. If the same upgrade product is installed, then the update is allowed.
Value type is string. Supported operation is Get.
@ -143,7 +143,7 @@ The following table describes the fields in the previous sample:
| Name | Description |
|--------|-------------------------------------------------------------------------------------------------------------------------------|
| Get | Operation being performed. The Get operation is a request to return information. |
| CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. |
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor. |
@ -171,7 +171,7 @@ The following table describes the fields in the previous sample:
| Name | Description |
|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Delete | Operation being performed. The Delete operation is a request to delete the CSP node that represents the specified MSI installed application and to perform and uninstall of the application as part of the process. |
| CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. |
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. |
@ -199,7 +199,7 @@ The following table describes the fields in the previous sample:
| Name | Description |
|--------|-----------------------|
| Get | Operation being performed. The Get operation is a request to report the status of the specified MSI installed application.|
| CmdID | Input value used to reference the request. Responses will include this value which can be used to match request and response. |
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. |
@ -261,8 +261,8 @@ The following table describes the fields in the previous sample:
|Name|Description|
|--- |--- |
|Add|This is required to precede the Exec command.<li>CmdID - Input value used to reference the request. Responses includes this value, which can be use to match the request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.|
|Exec|The Exec node includes the parameters and properties requires to locate, download, validate and perform product installation.<li>CmdID - Input value used to reference the request. Responses will include this value which can be used to match request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.<li>Data - The Data node contains an embedded XML, of type “MsiInstallJob”<li>MsiInstallJob - Contains all information required for the successful download, validation and execution of the MSI installation process (see section at the end of this document for details on this embedded data object).|
|Add|This field is required to precede the Exec command.<li>CmdID - Input value used to reference the request. Responses include this value, which can be used to match the request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.|
|Exec|The Exec node includes the parameters and properties requires to locate, download, validate and perform product installation.<li>CmdID - Input value used to reference the request. Responses will include this value that can be used to match request and response.<li>LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.<li>Data - The Data node contains an embedded XML, of type “MsiInstallJob”<li>MsiInstallJob - Contains all information required for the successful download, validation and execution of the MSI installation process (see section at the end of this document for details on this embedded data object).|
</table>
> [!Note]
@ -326,10 +326,10 @@ The following table MsiInstallJob describes the schema elements.
|Element|Description|
|--- |--- |
|MsiInstallJob|root element<br>"Attribute: "id - the application identifier of the application being installed|
|MsiInstallJob|root element<br>Attribute: "id" - the application identifier of the application being installed|
|Product|child element of MsiInstallJob<br>Attribute: “Version” string representation of application version|
|Download|child element of Product. Container for download configuration information.|
|ContentURLList|child element of Download. Contains list of 1 or more content download URL locators in the form of ContentURL elements.|
|ContentURLList|child element of Download. Contains list of one or more content download URL locators in the form of ContentURL elements.|
|ContentURL|Location content should be downloaded from. Must be a property formatted URL that points to the .MSI file.|
|Validation|Contains information used to validate contend authenticity. • FileHash SHA256 hash value of file content|
|FileHash|SHA256 hash value of file content|
@ -341,7 +341,7 @@ The following table MsiInstallJob describes the schema elements.
Here is an example of a common response to a request
Here's an example of a common response to a request
```xml
<?xml version="1.0" encoding="utf-16"?>
@ -370,7 +370,7 @@ Here is an example of a common response to a request
## How to determine which installation context to use for an MSI package
The following tables shows how app targeting and MSI package type (per-user, per machine, or dual mode) are installed in the client.
The following tables show how app targeting and MSI package type (per-user, per machine, or dual mode) are installed in the client.
For Intune standalone environment, the MSI package will determine the MSI execution context.

70
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -19,7 +19,7 @@ The EnterpriseModernAppManagement configuration service provider (CSP) is used f
> [!Note]
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
The following shows the EnterpriseModernAppManagement configuration service provider in tree format.
The following example shows the EnterpriseModernAppManagement configuration service provider in tree format.
```console
./Vendor/MSFT
@ -109,18 +109,18 @@ Query parameters:
- Output - Specifies the parameters for the information returned in AppInventoryResults operation. Multiple value must be separate by |. Valid values are:
- PackagesName - returns the *PackageFamilyName* and *PackageFullName* of the app. Default if nothing is specified.
- PackageDetails - returns all inventory attributes of the package. This includes all information from PackageNames parameter, but does not validate RequiresReinstall.
- PackageDetails - returns all inventory attributes of the package. This information includes all information from PackageNames parameter, but doesn't validate RequiresReinstall.
- RequiredReinstall - Validates the app status of the apps in the inventory query to determine if they require a reinstallation. This attribute may impact system performance depending on the number of apps installed. Requiring reinstall occurs when resource package updates or when the app is in a tampered state.
- Source - specifies the app classification that aligns to the existing inventory nodes. You can use a specific filter or if no filter is specified then all sources will be returned. If no value is specified, all classifications are returned. Valid values are:
- AppStore - This classification is for apps that were acquired from Microsoft Store. These were apps directly installed from Microsoft Store or enterprise apps from Microsoft Store for Business.
- nonStore - This classification is for apps that were not acquired from the Microsoft Store.
- System - Apps that are part of the OS. You cannot uninstall these apps. This classification is read-only and can only be inventoried.
- nonStore - This classification is for apps that weren't acquired from the Microsoft Store.
- System - Apps that are part of the OS. You can't uninstall these apps. This classification is read-only and can only be inventoried.
- PackageTypeFilter - Specifies one or multiple types of packages you can use to query the user or device. Multiple values must be separated by |. Valid values are:
- Main - returns the main installed package.
- Bundle - returns installed bundle packages.
- Framework - returns installed framework packages.
- Resource - returns installed resources packages. Resources are either language, scale, or DirectX resources. They are parts of a bundle.
- Resource - returns installed resources packages. Resources are either language, scale, or DirectX resources. They're parts of a bundle.
- XAP - returns XAP package types. This filter is only supported on Windows Mobile.
- All - returns all package types.
@ -128,11 +128,11 @@ Query parameters:
- PackageFamilyName - specifies the name of a particular package. If you specify this parameter, it returns the Package Family name if the package contains this value.
If you do not specify this value, then all packages are returned.
If you don't specify this value, then all packages are returned.
- Publisher - specifies the publisher of a particular package. If you specify this parameter, it returns the publisher if the value exists in the Publisher field.
If you do not specify this value, then all publishers are returned.
If you don't specify this value, then all publishers are returned.
Supported operation is Get and Replace.
@ -161,8 +161,8 @@ Parameters:
<li>Name: Specifies the PackageFullName of the particular package to remove.</li>
<li>RemoveForAllUsers:
<ul>
<li>0 (default) Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users. This is not currently supported.</li>
<li>1 Package will be removed for all users only if it is a provisioned package.</li>
<li>0 (default) Package will be unprovisioned so that new users don't receive the package. The package will remain installed for current users. This option isn't currently supported.</li>
<li>1 Package will be removed for all users only if it's a provisioned package.</li>
</ul>
</li>
</ul>
@ -189,7 +189,7 @@ The following example removes a package for all users:
````
<a href="" id="appmanagement-nonstore"></a>**AppManagement/nonStore**
Used to manage enterprise apps or developer apps that were not acquired from the Microsoft Store.
Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store.
Supported operation is Get.
@ -210,7 +210,7 @@ Added in Windows 10, version 1809. Interior node for the managing updates throug
> ReleaseManagement settings only apply to updates through the Microsoft Store.
<a href="" id="appmanagement-releasemanagement-releasemanagementkey"></a>**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**
Added in Windows 10, version 1809. Identifier for the app or set of apps. If there is only one app, it is the PackageFamilyName. If it is for a set of apps, it is the PackageFamilyName of the main app.
Added in Windows 10, version 1809. Identifier for the app or set of apps. If there's only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app.
<a href="" id="appmanagement-releasemanagement-releasemanagementkey-channelid"></a>**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId**
@ -237,7 +237,7 @@ Added in Windows 10, version 1809. Returns the last user release ID on the devic
Value type is string. Supported operation is Get.
<a href="" id="----packagefamilyname"></a>**.../**<strong>*PackageFamilyName*</strong>
Optional. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Optional. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Supported operations are Get and Delete.
@ -323,7 +323,7 @@ Required. Date the app was installed. Value type is string.
Supported operation is Get.
<a href="" id="----packagefamilyname-packagefullname-resourceid"></a>**.../*PackageFamilyName*/*PackageFullName*/ResourceID**
Required. Resource ID of the app. This is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
Required. Resource ID of the app. This value is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
> [!Note]
> Not applicable to XAP files.
@ -334,10 +334,10 @@ Supported operation is Get.
Required. Provides information about the status of the package. Value type is int. Valid values are:
- OK (0) - The package is usable.
- LicenseIssue (1) - The license of the package is not valid.
- LicenseIssue (1) - The license of the package isn't valid.
- Modified (2) - The package payload was modified by an unknown source.
- Tampered (4) - The package payload was tampered intentionally.
- Disabled (8) - The package is not available for use. It can still be serviced.
- Disabled (8) - The package isn't available for use. It can still be serviced.
> [!Note]
> Not applicable to XAP files.
@ -345,7 +345,7 @@ Required. Provides information about the status of the package. Value type is in
Supported operation is Get.
<a href="" id="----packagefamilyname-packagefullname-requiresreinstall"></a>**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall**
Required. Specifies whether the package state has changed and requires a reinstallation of the app. This can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
Required. Specifies whether the package state has changed and requires a reinstallation of the app. This change of status can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
> [!Note]
> Not applicable to XAP files.
@ -386,7 +386,7 @@ Added in Windows 10, version 1511. Interior node for all managed app setting val
<a href="" id="----packagefamilyname-appsettingpolicy-settingvalue---only-for---user-vendor-msft-"></a>**.../*PackageFamilyName*/AppSettingPolicy/**<strong>*SettingValue*</strong> (only for ./User/Vendor/MSFT)
Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.
This setting only works for apps that support the feature and it is only supported in the user context.
This setting only works for apps that support the feature and it's only supported in the user context.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
@ -423,7 +423,7 @@ The following example gets all managed app settings for a specific app.
```
<a href="" id="----packagefamilyname-maintainprocessorarchitectureonupdate"></a>**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**
Added in Windows 10, version 1803. Specify whether on a AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
Added in Windows 10, version 1803. Specify whether on an AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
Supported operations are Add, Get, Delete, and Replace. Value type is integer.
@ -439,14 +439,14 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
<a href="" id="----packagefamilyname-nonremovable"></a>**.../_PackageFamilyName_/NonRemovable**
Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user.
This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This is also useful when there are multiple users per device, and you want to ensure that one user doesnt remove it for all users.
This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesnt remove it for all users.
NonRemovable requires admin permission. This can only be set per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
Value type is integer. Supported operations are Add, Get, and Replace.
Valid values:
- 0 app is not in the nonremovable app policy list
- 0 app isn't in the nonremovable app policy list
- 1 app is included in the nonremovable app policy list
**Examples:**
@ -492,7 +492,7 @@ Get the status for a particular app
```
Replace an app in the nonremovable app policy list
Data 0 = app is not in the app policy list
Data 0 = app isn't in the app policy list
Data 1 = app is in the app policy list
```xml
@ -519,7 +519,7 @@ Data 1 = app is in the app policy list
Required node. Used to perform app installation.
<a href="" id="appinstallation-packagefamilyname"></a>**AppInstallation/**<strong>*PackageFamilyName*</strong>
Optional node. Package family name (PFN) of the app. There is one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Optional node. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Supported operations are Get and Add.
@ -533,7 +533,7 @@ Required. Command to perform an install of an app and a license from the Microso
Supported operation is Execute, Add, Delete, and Get.
<a href="" id="appinstallation-packagefamilyname-hostedinstall"></a>**AppInstallation/*PackageFamilyName*/HostedInstall**
Required. Command to perform an install of an app package from a hosted location (this can be a local drive, a UNC, or https data source).
Required. Command to perform an install of an app package from a hosted location (this location can be a local drive, a UNC, or https data source).
The following list shows the supported deployment options:
- ForceApplicationShutdown
@ -541,10 +541,10 @@ The following list shows the supported deployment options:
- InstallAllResources
- ForceTargetApplicationShutdown 
- ForceUpdateToAnyVersion
- DeferRegistration="1". If the app is in use at the time of installation. This stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
- DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
- StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
- ValidateDependencies="1". This is used at provisioning/staging time. If it is set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies are not present. Available in the latest insider flight of 20H1.
- ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1.
- ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
Supported operation is Execute, Add, Delete, and Get.
@ -555,7 +555,7 @@ Required. Last error relating to the app installation.
Supported operation is Get.
> [!Note]
> This element is not present after the app is installed.
> This element isn't present after the app is installed.
@ -565,30 +565,30 @@ Required. Description of last error relating to the app installation.
Supported operation is Get.
> [!Note]
> This element is not present after the app is installed.
> This element isn't present after the app is installed.
<a href="" id="appinstallation-packagefamilyname-status"></a>**AppInstallation/*PackageFamilyName*/Status**
Required. Status of app installation. The following values are returned:
- NOT\_INSTALLED (0) - The node was added, but the execution has not completed.
- INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success, this value is updated.
- NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed.
- INSTALLING (1) - Execution has started, but the deployment hasn't completed. If the deployment completes regardless of success, this value is updated.
- FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription.
- INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear.
- INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean-up action hasn't completed, this state may briefly appear.
Supported operation is Get.
> [!Note]
> This element is not present after the app is installed.
> This element isn't present after the app is installed.
<a href="" id="appinstallation-packagefamilyname-progessstatus"></a>**AppInstallation/*PackageFamilyName*/ProgessStatus**
Required. An integer the indicates the progress of the app installation. For https locations, this indicates the download progress. ProgressStatus is not available for provisioning and it is only for user-based installations. In provisioning, the value is always 0 (zero).
Required. An integer that indicates the progress of the app installation. For https locations, this integer indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. ProgressStatus value is always 0 (zero) in provisioning.
Supported operation is Get.
> [!Note]
> This element is not present after the app is installed.
> This element isn't present after the app is installed.
<a href="" id="applicenses"></a>**AppLicenses**
@ -617,7 +617,7 @@ Supported operation is Get.
Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values:
- Unknown - usage is unknown
- Online - the license is only valid for online usage. This is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
- Online - the license is only valid for online usage. This license is for applications with concurrence requirements, such as an app used on several computers, but can only be used on one at any given time.
- Offline - license is valid for use offline. You don't need a connection to the internet to use this license.
- Enterprise Root -