Merged PR 3377: 9/22 PM Publish

Alma Jenks 2017-09-22 22:32:14 +00:00
commit 2edc49037f
7 changed files with 219 additions and 28 deletions


@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 07/27/2017 ms.date: 09/19/2017
--- ---
# AssignedAccess CSP # AssignedAccess CSP
@ -19,7 +19,7 @@ The AssignedAccess configuration service provider (CSP) is used set the device t
For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211) For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
> **Note**  The AssignedAccess CSP is only supported in Windows 10 Enterprise and Windows 10 Education. > **Note**  The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro.
The following diagram shows the AssignedAccess configuration service provider in tree format The following diagram shows the AssignedAccess configuration service provider in tree format
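Review bot: The rewritten note needs a comma after "1709" in "Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro", matching the wording this same change uses in the What's new topic ("Starting in Windows 10, version 1709, AssignedAccess CSP is ..."). Dropping "only" is right now that Pro is listed, but the note should also say plainly that Pro builds before version 1709 remain unsupported, so nobody assumes a kiosk configuration is enforced on an older Pro device.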


@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 06/27/2017 ms.date: 09/19/2017
--- ---
# Configuration service provider reference # Configuration service provider reference
@ -164,7 +164,7 @@ Footnotes:
</tr> </tr>
<tr> <tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td></td> <td></td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
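Review bot: The new check mark cell carries `<sup>3</sup>`, but neither the CSP this row belongs to nor the text of footnote 3 is visible in the hunk. Please confirm that footnote 3 is the version 1709 footnote and that the changed cell is the Windows 10 Pro column of the AssignedAccess row, so the table agrees with the note changed in assignedaccess-csp.md.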


@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 06/19/2017 ms.date: 09/19/2017
--- ---
# EnterpriseAPN CSP # EnterpriseAPN CSP
@ -128,6 +128,149 @@ The following image shows the EnterpriseAPN configuration service provider in tr
<p style="margin-left: 20px">Supported operations are Get and Replace.</p> <p style="margin-left: 20px">Supported operations are Get and Replace.</p>
## Examples
``` syntax
<!--
Copyright (c) Microsoft Corporation. All rights reserved.
-->
<!--
Use of this source code is subject to the terms of the Microsoft
premium shared source license agreement under which you licensed
this source code. If you did not accept the terms of the license
agreement, you are not authorized to use this source code.
For the terms of the license, please see the license agreement
signed by you and Microsoft.
THE SOURCE CODE IS PROVIDED "AS IS", WITH NO WARRANTIES OR INDEMNITIES.
-->
<SyncML>
<SyncBody>
<Atomic>
<CmdID>8000</CmdID>
<!-- Sub-tree 1 -->
<add>
<CmdID>8001</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/APNName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>enterprise_apn1</Data>
</Item>
</add>
<add>
<CmdID>8002</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/IPType</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>IPv4</Data>
</Item>
</add>
<add>
<CmdID>8003</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/IsAttachAPN</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">bool</Format>
</Meta>
<Data>false</Data>
</Item>
</add>
<add>
<CmdID>8004</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/ClassId</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA</Data>
</Item>
</add>
<add>
<CmdID>8005</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/AuthType</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>CHAP</Data>
</Item>
</add>
<add>
<CmdID>8006</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/UserName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>myusername</Data>
</Item>
</add>
<add>
<CmdID>8007</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/Password</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>mypassword</Data>
</Item>
</add>
<add>
<CmdID>8008</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAPN/E_APN1/IccId</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>FFFFFFFFFFFFFFFFFFFF</Data>
</Item>
</add>
</Atomic>
<Final/>
</SyncBody>
<!--
===============================================================================
atomicA
add chr EnterpriseAPN/E_APN1/APNName enterprise_apn1
add chr EnterpriseAPN/E_APN1/IPType IPv4
add bool EnterpriseAPN/E_APN1/IsAttachAPN false
add chr EnterpriseAPN/E_APN1/ClassId AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
add chr EnterpriseAPN/E_APN1/AuthType CHAP
add chr EnterpriseAPN/E_APN1/UserName myusername
add chr EnterpriseAPN/E_APN1/Password mypassword
add chr EnterpriseAPN/E_APN1/IccId FFFFFFFFFFFFFFFFFFFF
atomicZ
===============================================================================
-->
</SyncML>
```
## Related topics ## Related topics
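Review bot: The commands in the new example (CmdID 8001 through 8008) are written as `<add>`, but the SyncML command element is `<Add>` and XML element names are case-sensitive, so the case should be corrected on every opening and closing tag. The second header comment ("Use of this source code is subject to the terms of the Microsoft premium shared source license agreement ...") tells readers they may not be authorized to use the sample, which does not belong in a public documentation example; drop it along with the trailing atomicA/atomicZ comment block, which only restates the payload. Because UserName and Password travel as plain `chr` data in `<Data>`, add a sentence above the sample stating that `myusername` and `mypassword` are placeholders and that the payload carries the APN credentials in clear text, which matters to anyone handling MDM logs or exported profiles.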


@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 09/12/2017 ms.date: 09/19/2017
--- ---
# What's new in MDM enrollment and management # What's new in MDM enrollment and management
@ -974,6 +974,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<ul> <ul>
<li>Configuration</li> <li>Configuration</li>
</ul> </ul>
<p>Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td> <td style="vertical-align:top">[DeviceManageability CSP](devicemanageability-csp.md)</td>
@ -1378,6 +1379,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</ul> </ul>
<p>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.</p> <p>Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.</p>
</td></tr> </td></tr>
<tr class="even">
<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
<td style="vertical-align:top"><p>Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.</p>
</td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">Microsoft Store for Business</td> <td style="vertical-align:top">Microsoft Store for Business</td>
<td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business.</p> <td style="vertical-align:top"><p>Windows Store for Business name changed to Microsoft Store for Business.</p>
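Review bot: The sentence in the new AssignedAccess row duplicates what this same change appends to two existing AssignedAccess entries elsewhere in this file, with different wording ("is supported in Windows 10 Pro" there, "is also supported in Windows 10 Pro" here). Use one wording in all three places. Inserting a single row also shifts the odd/even striping: the new row is `<tr class="even">` and the next is `<tr class="odd">`, so check the class of the row above it and of the rows that follow.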
@ -1393,6 +1398,9 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p> <p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[EntepriseAPN CSP](enterpriseapn-csp.md)</td>
<td style="vertical-align:top"><p>Added a SyncML example.</p>
</td></tr>
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td> <td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added RegisterDNS setting in Windows 10, version 1709.</p> <td style="vertical-align:top"><p>Added RegisterDNS setting in Windows 10, version 1709.</p>
</td></tr> </td></tr>
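Review bot: The EnterpriseAPN cells are inserted after the existing `<tr class="odd">` and closed with `</td></tr>`, which leaves the VPNv2 `<td>` cells that follow without an opening `<tr>`. Open a separate row for the new entry, or add a `<tr>` with the appropriate class before the VPNv2 cell, so the table stays well-formed. The link text "EntepriseAPN CSP" is also misspelled and should read "EnterpriseAPN CSP", and the context line above has a doubled word in "of the the MS-MDE2 protocol documentation" that could be fixed while this block is being edited.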
@ -1617,6 +1625,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<ul> <ul>
<li>Added Configuration node</li> <li>Added Configuration node</li>
</ul> </ul>
<p>Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[SurfaceHub CSP](surfacehub-csp.md)</td> <td style="vertical-align:top">[SurfaceHub CSP](surfacehub-csp.md)</td>


@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 08/30/2017 ms.date: 09/20/2017
--- ---
# Policy CSP - System # Policy CSP - System
@ -303,7 +303,13 @@ ms.date: 08/30/2017
<p style="margin-left: 20px">The following tables describe the supported values: <p style="margin-left: 20px">The following tables describe the supported values:
<table style="margin-left: 20px"> Windows 8.1 Values:
- 0 - Not allowed.
- 1 Allowed, except for Secondary Data Requests.
- 2 (default) Allowed.
<!--<table style="margin-left: 20px">
<colgroup> <colgroup>
<col width="100%" /> <col width="100%" />
</colgroup> </colgroup>
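Review bot: The Windows 8.1 list is inconsistent in its separators: "- 0 - Not allowed." has a dash after the value, while "- 1 Allowed, except for Secondary Data Requests." and "- 2 (default) Allowed." do not; use one form for all three. The list also starts directly after the still-open `<p style="margin-left: 20px">`, so check that it renders as a list rather than as literal text. The old table is kept by wrapping it in `<!--` and `-->` instead of being deleted; remove it, since version history already preserves it.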
@ -324,10 +330,17 @@ ms.date: 08/30/2017
<td style="vertical-align:top"><p>2 (default) Allowed.</p></td> <td style="vertical-align:top"><p>2 (default) Allowed.</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>-->
Windows 10 Values:
<table style="margin-left: 20px"> - 0 Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
- 1 Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.
- 2 Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.
- 3 Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.
<!--<table style="margin-left: 20px">
<colgroup> <colgroup>
<col width="100%" /> <col width="100%" />
</colgroup> </colgroup>
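Review bot: The "Note:" line after the 0 item should be an indented continuation of that item rather than a free-standing line between the 0 and 1 items, where it can be read as applying to the whole list. It carries the point an administrator most needs from this table: on editions other than those listed, setting 0 (Security) is equivalent to setting 1 (Basic), so a device can send more telemetry than the configured value suggests.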
@ -354,7 +367,7 @@ ms.date: 08/30/2017
<td style="vertical-align:top"><p>3 Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.</p></td> <td style="vertical-align:top"><p>3 Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>-->
> [!IMPORTANT] > [!IMPORTANT]


@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 08/30/2017 ms.date: 09/20/2017
--- ---
# Policy CSP - Update # Policy CSP - Update
@ -595,7 +595,34 @@ This policy is accessible through the Update setting in the user interface or Gr
<p style="margin-left: 20px">If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. <p style="margin-left: 20px">If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
<table style="margin-left: 20px"> OS upgrade:
- Maximum deferral: 8 months
- Deferral increment: 1 month
- Update type/notes:
- Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
Update:
- Maximum deferral: 1 month
- Deferral increment: 1 week
- Update type/notes:
If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
- Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
- Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
- Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
- Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
- Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
- Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
- Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
- Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
Other/cannot defer:
- Maximum deferral: No deferral
- Deferral increment: No deferral
- Update type/notes:
Any update category not specifically enumerated above falls into this category.
- Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
<!--<table style="margin-left: 20px">
<colgroup> <colgroup>
<col width="25%" /> <col width="25%" />
<col width="25%" /> <col width="25%" />
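Review bot: In the "Update:" group, as the list appears here, the sentence "If a machine has Microsoft Update enabled, ..." and the eight category bullets sit at the same level as "Maximum deferral" and "Deferral increment", so the category GUIDs no longer read as the content of "Update type/notes:". Nest the sentence and the category bullets under "Update type/notes:" in all three groups. In "Other/cannot defer:", "Any update category not specifically enumerated above falls into this category." describes the group rather than Definition Update and should be placed accordingly, because it determines which updates ignore the deferral settings.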
@ -644,7 +671,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
<p>Definition Update - E0789628-CE08-4437-BE74-2495B842F43B</p></td> <p>Definition Update - E0789628-CE08-4437-BE74-2495B842F43B</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>-->
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->


@ -98,20 +98,19 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u
The following table defines which Windows features require TPM support. The following table defines which Windows features require TPM support.
| Windows Features | Windows 10 TPM 1.2 | Windows 10 TPM 2.0 | Details | | Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
|-------------------------|----------------------|----------------------|----------| |-------------------------|--------------|--------------------|--------------------|----------|
| Measured Boot | Required | Required | Measured boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. | | Measured Boot | Yes | Yes | Yes | |
| Bitlocker | Required | Required | TPM 1.2 or later required or a removable USB memory device such as a flash drive. Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly. | | Bitlocker | No | Yes | Yes | A removable USB memory device such as a flash drive can also be used instead of a TPM. |
| Passport: Domain AADJ Join | Required | Required | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support. | | Device Encryption | Yes | N/A | Yes | Device Encryption requires InstantGo/Connected Standby certification. All systems certified for InstantGo/Connected Standby shipped with TPM 2.0, so TPM 1.3 support is Not Applicable. |
| Passport: MSA or Local Account | Required | Required | TPM 2.0 is required with HMAC and EK certificate for key attestation support. | | Device Guard | No | Yes | Yes | |
| Device Encryption | Not Applicable | Required | TPM 2.0 is required for all InstantGo devices. | | Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 is supported. |
| Credential Guard | Required | Required | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. | | Device Health Attestation| Yes | Yes | Yes | |
| Device Health Attestation | Required | Required | | | Windows Hello/Windows Hello for Business| No | Yes | Yes | |
| Windows Hello / Windows Hello for Business | Not Required | Recommended | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected) | | UEFI Secure Boot | No | Yes | Yes | |
| UEFI Secure Boot | Not Required | Recommended | | | TPM Platform Crypto Provider Key Storage Provider| Yes | Yes| Yes | |
| Platform Key Storage provider | Required | Required | | | Virtual Smart Card | Yes | Yes | Yes | |
| Virtual Smart Card | Required | Required | | | Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. |
| Certificate storage (TPM bound) | Required | Required | |
## OEM Status on TPM 2.0 system availability and certified parts ## OEM Status on TPM 2.0 system availability and certified parts
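Review bot: The Device Encryption row says "so TPM 1.3 support is Not Applicable", but the column it explains is "Supports TPM 1.2"; change 1.3 to 1.2. In the Credential Guard row, "TPM 1.2 and 2.0 is supported" should read "are supported". With TPM Required now "No", that row has also lost the earlier explanation that without a TPM Credential Guard is still enabled but its keys are not protected by the TPM. Keep that sentence, since it is the security consequence of the "No". The Windows Hello row likewise drops the recommendation to use TPM hardware against PIN brute-force attacks and the "How keys are protected" link, and the Measured Boot row drops the UEFI Secure Boot requirement; restore these in the Details column or state where they moved.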