deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update policy-csp-networklistmanager.md

Browse Source
This commit is contained in:
Vinay Pamnani 2023-03-08 14:25:58 -05:00 committed by GitHub
parent c633df3ebb
commit 3388e82b33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
windows/client-management/mdm/policy-csp-networklistmanager.md
View File

@ -42,20 +42,19 @@ List of URLs (seperated by Unicode character 0xF000) to endpoints accessible onl
<!-- AllowedTlsAuthenticationEndpoints-Editable-Begin --> <!-- AllowedTlsAuthenticationEndpoints-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
- When entering a list of TLS endpoints in Microsoft Intune using a configuration profile with a custom template and the OMA URI, use the following format: `<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>`
- The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication. - The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
- The HTTPS endpoint must be an internal address not accessible from outside the organizational network. - The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store. - The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
- A certificate shouldn't be a public certificate. - A certificate shouldn't be a public certificate.
Test the URL using this command, it MUST return a HTTP_STATUS_OK 200 To test the URL, use a PowerShell command similar to below:
`Invoke-webrequest https://nls.corp.contoso.com -Method get -UseBasicParsing -MaximumRedirection 0` ```powershell
Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing -MaximumRedirection 0
When entering a list of TLS endpoints in Microsoft Intune using a configruation profile with a custom template and the OMA URI, the URLs must be seperated by Unicode character 0xF000. It must be this format: ```
`<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>`
`StatusCode` return by the command must be 200 (`HTTP_STATUS_OK`).
<!-- AllowedTlsAuthenticationEndpoints-Editable-End --> <!-- AllowedTlsAuthenticationEndpoints-Editable-End -->
<!-- AllowedTlsAuthenticationEndpoints-DFProperties-Begin --> <!-- AllowedTlsAuthenticationEndpoints-DFProperties-Begin -->