Update policy-csp-networklistmanager.md

Adjust the description to reflect changes in the Intune UI. Add additional information on how to test the NLS URLs.
msarcletti
2023-03-08 17:05:55 +01:00
committed by GitHub
parent d19cd52b8e
commit 353b86fed7


@ -37,23 +37,25 @@ ms.topic: reference
<!-- AllowedTlsAuthenticationEndpoints-Description-Begin -->
<!-- Description-Source-DDF -->
List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
List of URLs to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
<!-- AllowedTlsAuthenticationEndpoints-Description-End -->
<!-- AllowedTlsAuthenticationEndpoints-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
When entering a list of TLS endpoints in Microsoft Intune, use the following format, even in the UI:
- The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
- The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
- A certificate shouldn't be a public certificate.
Test the URL using this command, it MUST return a HTTP_STATUS_OK 200
`Invoke-webrequest https://nls.corp.contoso.com -Method get -UseBasicParsing -MaximumRedirection 0`
When entering a list of TLS endpoints in Microsoft Intune using a configruation profile with a custom template and the OMA URI, the URLs must be seperated by Unicode character 0xF000. It must be this format:
`<![CDATA[https://nls.corp.contoso.com&#xF000;https://nls.corp.fabricam.com]]>`
- The HTTPS endpoint must not have any more authentication checks, such as sign-in or multi-factor authentication.
- The HTTPS endpoint must be an internal address not accessible from outside the organizational network.
- The client must trust the server certificate. So the CA certificate that the HTTPS server certificate chains to must be present in the client machine's root certificate store.
- A certificate shouldn't be a public certificate.
<!-- AllowedTlsAuthenticationEndpoints-Editable-End -->
<!-- AllowedTlsAuthenticationEndpoints-DFProperties-Begin -->
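Review bot: The description edit at the top of the hunk sits between the AllowedTlsAuthenticationEndpoints-Description-Begin/End markers under Description-Source-DDF, and the template comment in the Editable section says "Anything outside this section will get overwritten", so dropping "(seperated by Unicode character 0xF000)" there is likely to be lost the next time the file is regenerated. Either change the DDF source or keep the separator guidance only in the Editable section, where this change already restates it. In the Editable section, the sentence about the custom template and the OMA URI has two typos ("configruation", "seperated"). "Test the URL using this command, it MUST return a HTTP_STATUS_OK 200" is a comma splice and reads better with a colon or as two sentences. The cmdlet would be more consistent with other docs written as `Invoke-WebRequest ... -Method Get`. The four requirement bullets also need a short sentence introducing them, now that "use the following format" no longer precedes them.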