diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 3b37a6caf1..3675333e76 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -231,6 +231,7 @@ #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) +#### [ADMX_Power](policy-csp-admx-power.md) #### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) #### [ADMX_Printing](policy-csp-admx-printing.md) #### [ADMX_Printing2](policy-csp-admx-printing2.md) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 07f3aa7f0f..652a24f8e4 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -1126,12 +1126,12 @@ Supported values: |-----|------------| | 0 |The BitLocker policy requires user consent to launch the BitLocker Drive Encryption Wizard to start encryption of the OS volume but the user didn't consent.| | 1 |The encryption method of the OS volume doesn't match the BitLocker policy.| -| 2 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.| +| 2 |The OS volume is unprotected.| | 3 |The BitLocker policy requires a TPM-only protector for the OS volume, but TPM protection isn't used.| | 4 |The BitLocker policy requires TPM+PIN protection for the OS volume, but a TPM+PIN protector isn't used.| | 5 |The BitLocker policy requires TPM+startup key protection for the OS volume, but a TPM+startup key protector isn't used.| | 6 |The BitLocker policy requires TPM+PIN+startup key protection for the OS volume, but a TPM+PIN+startup key protector isn't used.| -| 7 |The OS volume is unprotected.| +| 7 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.| | 8 |Recovery key backup failed.| | 9 |A fixed drive is unprotected.| | 10 |The encryption method of the fixed drive doesn't match the BitLocker policy.| diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 552222926f..c6e37891f5 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -789,6 +789,31 @@ ms.date: 10/08/2020 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4) +- [ADMX_Power/ACConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-acconnectivityinstandby-2) +- [ADMX_Power/ACCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-accriticalsleeptransitionsdisable-2) +- [ADMX_Power/ACStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-acstartmenubuttonaction-2) +- [ADMX_Power/AllowSystemPowerRequestAC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestac) +- [ADMX_Power/AllowSystemPowerRequestDC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestdc) +- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopenac) +- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopendc) +- [ADMX_Power/CustomActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-customactiveschemeoverride-2) +- [ADMX_Power/DCBatteryDischargeAction0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction0-2) +- [ADMX_Power/DCBatteryDischargeAction1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction1-2) +- [ADMX_Power/DCBatteryDischargeLevel0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel0-2) +- [ADMX_Power/DCBatteryDischargeLevel1UINotification_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1uinotification-2) +- [ADMX_Power/DCBatteryDischargeLevel1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1-2) +- [ADMX_Power/DCConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-dcconnectivityinstandby-2) +- [ADMX_Power/DCCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-dccriticalsleeptransitionsdisable-2) +- [ADMX_Power/DCStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-dcstartmenubuttonaction-2) +- [ADMX_Power/DiskACPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskacpowerdowntimeout-2) +- [ADMX_Power/DiskDCPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskdcpowerdowntimeout-2) +- [ADMX_Power/Dont_PowerOff_AfterShutdown](./policy-csp-admx-power.md#admx-power-dont-poweroff-aftershutdown) +- [ADMX_Power/EnableDesktopSlideShowAC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowac) +- [ADMX_Power/EnableDesktopSlideShowDC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowdc) +- [ADMX_Power/InboxActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-inboxactiveschemeoverride-2) +- [ADMX_Power/PW_PromptPasswordOnResume](./policy-csp-admx-power.md#admx-power-pw-promptpasswordonresume) +- [ADMX_Power/PowerThrottlingTurnOff](./policy-csp-admx-power.md#admx-power-powerthrottlingturnoff) +- [ADMX_Power/ReserveBatteryNotificationLevel](./policy-csp-admx-power.md#admx-power-reservebatterynotificationlevel) - [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging) - [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts) - [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index fff1b3e3ca..8bfdfd90cc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2749,6 +2749,86 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_Power policies + +
+
+ ADMX_Power/ACConnectivityInStandby_2 +
+
+ ADMX_Power/ACCriticalSleepTransitionsDisable_2 +
+
+ ADMX_Power/ACStartMenuButtonAction_2 +
+
+ ADMX_Power/AllowSystemPowerRequestAC +
+
+ ADMX_Power/AllowSystemPowerRequestDC +
+
+ ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC +
+
+ ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC +
+
+ ADMX_Power/CustomActiveSchemeOverride_2 +
+
+ ADMX_Power/DCBatteryDischargeAction0_2 +
+
+ ADMX_Power/DCBatteryDischargeAction1_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel0_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel1UINotification_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel1_2 +
+
+ ADMX_Power/DCConnectivityInStandby_2 +
+
+ ADMX_Power/DCCriticalSleepTransitionsDisable_2 +
+
+ ADMX_Power/DCStartMenuButtonAction_2 +
+
+ ADMX_Power/DiskACPowerDownTimeOut_2 +
+
+ ADMX_Power/DiskDCPowerDownTimeOut_2 +
+
+ ADMX_Power/Dont_PowerOff_AfterShutdown +
+
+ ADMX_Power/EnableDesktopSlideShowAC +
+
+ ADMX_Power/EnableDesktopSlideShowDC +
+
+ ADMX_Power/InboxActiveSchemeOverride_2 +
+
+ ADMX_Power/PW_PromptPasswordOnResume +
+
+ ADMX_Power/PowerThrottlingTurnOff +
+
+ ADMX_Power/ReserveBatteryNotificationLevel +
+
+ ### ADMX_PowerShellExecutionPolicy policies
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md index 36128621e3..650e2497ae 100644 --- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md +++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md @@ -106,7 +106,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. +Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories. To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. @@ -189,7 +189,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media. If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components. @@ -270,7 +270,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update. If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update. @@ -351,7 +351,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files. If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu. @@ -433,7 +433,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator. If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs. @@ -511,7 +511,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs. @@ -589,7 +589,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting. @@ -668,7 +668,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs. If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs. @@ -746,7 +746,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools. If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services. @@ -827,7 +827,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page. If you disable this setting or do not configure it, the Support Info hyperlink appears. @@ -908,7 +908,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files. If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard. diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md index ef0f985661..a2a770794d 100644 --- a/windows/client-management/mdm/policy-csp-admx-appcompat.md +++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md @@ -108,7 +108,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. @@ -185,7 +185,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. @@ -256,7 +256,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Application Telemetry engine in the system. +Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system. Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications. @@ -331,7 +331,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Switchback compatibility engine in the system. +Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. @@ -407,7 +407,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the application compatibility engine in the system. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system. The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem. @@ -485,7 +485,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. +Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility. @@ -552,7 +552,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. @@ -626,7 +626,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder. Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection. @@ -699,7 +699,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Inventory Collector. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems. diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md index 1aa77b30da..62b80d6108 100644 --- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md +++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md index 649079a937..232b4fdce7 100644 --- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md +++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md @@ -78,7 +78,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). If you enable this policy setting, SSL cipher suites are prioritized in the order specified. @@ -151,7 +151,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line. diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md index 1da39a32a3..152e8d9044 100644 --- a/windows/client-management/mdm/policy-csp-admx-com.md +++ b/windows/client-management/mdm/policy-csp-admx-com.md @@ -78,7 +78,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. +Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. @@ -153,7 +153,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. +Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md index 21bf8792f1..9517dbfe30 100644 --- a/windows/client-management/mdm/policy-csp-admx-cpls.md +++ b/windows/client-management/mdm/policy-csp-admx-cpls.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. > [!NOTE] > The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md index 9ecc74d2e9..c4ed633cb6 100644 --- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md +++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from changing their Windows password on demand. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their Windows password on demand. If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del. @@ -153,7 +153,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from locking the system. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from locking the system. While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it. @@ -226,7 +226,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from starting Task Manager. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from starting Task Manager. Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run. @@ -297,7 +297,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting disables or removes all menu items and buttons that log the user off the system. +Available in the latest Windows 10 Insider Preview Build. This policy setting disables or removes all menu items and buttons that log the user off the system. If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu. diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md index 43d6152747..b2b311f5a1 100644 --- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md +++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md @@ -77,7 +77,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. @@ -148,7 +148,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 79b48babf1..5176ac1024 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -137,7 +137,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names. @@ -205,7 +205,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails. A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot. @@ -282,7 +282,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix. If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. @@ -351,7 +351,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process. With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name. @@ -438,7 +438,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured. If this policy setting is enabled, IDNs are not converted to Punycode. @@ -507,7 +507,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string. If this policy setting is enabled, IDNs are converted to the Nameprep form. @@ -576,7 +576,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address. @@ -647,7 +647,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order. @@ -720,7 +720,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution. To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com. @@ -795,7 +795,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix. By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com. @@ -869,7 +869,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS client computers will register PTR resource records. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS client computers will register PTR resource records. By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record. @@ -945,7 +945,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled. @@ -1014,7 +1014,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers. @@ -1087,7 +1087,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates. Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. @@ -1163,7 +1163,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied. To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes). @@ -1234,7 +1234,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com." @@ -1310,7 +1310,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept. If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. @@ -1379,7 +1379,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. @@ -1451,7 +1451,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the security level for dynamic DNS updates. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the following values: @@ -1526,7 +1526,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com." +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com." By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. @@ -1597,7 +1597,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process. With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name. @@ -1684,7 +1684,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers. LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible. diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md index ff5b9de5cc..e03d29b3c1 100644 --- a/windows/client-management/mdm/policy-csp-admx-dwm.md +++ b/windows/client-management/mdm/policy-csp-admx-dwm.md @@ -89,7 +89,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. @@ -162,7 +162,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. @@ -234,7 +234,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this policy setting, window animations are turned off. @@ -305,7 +305,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this policy setting, window animations are turned off. @@ -376,7 +376,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. @@ -448,7 +448,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md index ec7948b584..82b82ab53f 100644 --- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md +++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md index e47d548237..985a4580ad 100644 --- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md +++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md @@ -78,7 +78,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector. If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments. @@ -151,7 +151,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager. If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md index 37b6b9a826..97a0885008 100644 --- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md +++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index fbdc148b37..aadede45cf 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -93,7 +93,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. +Available in the latest Windows 10 Insider Preview Build. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. > [!TIP] @@ -157,7 +157,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. +Available in the latest Windows 10 Insider Preview Build. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. A value of 0, the default, will enable delete notifications for all volumes. @@ -224,7 +224,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. +Available in the latest Windows 10 Insider Preview Build. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. > [!TIP] @@ -287,7 +287,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. +Available in the latest Windows 10 Insider Preview Build. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted. > [!TIP] @@ -350,7 +350,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. +Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process. > [!TIP] @@ -413,7 +413,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. +Available in the latest Windows 10 Insider Preview Build. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system. If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume. @@ -479,7 +479,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: +Available in the latest Windows 10 Insider Preview Build. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: - Local Link to a Local Target - Local Link to a Remote Target @@ -552,7 +552,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs. +Available in the latest Windows 10 Insider Preview Build. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md index 845c514983..97576c4d96 100644 --- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md +++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md @@ -91,7 +91,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default. If you enable this policy setting, users must manually select the files they wish to make available offline. @@ -166,7 +166,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether individual redirected shell folders are available offline by default. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether individual redirected shell folders are available offline by default. For the folders affected by this setting, users must manually select the files they wish to make available offline. @@ -240,7 +240,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location. If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location. @@ -309,7 +309,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. @@ -381,7 +381,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively. If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder. @@ -452,7 +452,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. @@ -525,7 +525,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md index d705d091a0..9f96bb2c16 100644 --- a/windows/client-management/mdm/policy-csp-admx-help.md +++ b/windows/client-management/mdm/policy-csp-admx-help.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. @@ -154,7 +154,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders. @@ -237,7 +237,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. @@ -311,7 +311,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md index 10d08651fc..50be68bfc6 100644 --- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md +++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements. @@ -152,7 +152,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can provide ratings for Help content. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can provide ratings for Help content. If you enable this policy setting, ratings controls are not added to Help content. @@ -222,7 +222,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. If you enable this policy setting, users cannot participate in the Help Experience Improvement program. @@ -291,7 +291,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows. If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online. diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md index 4a63715208..baaaa464b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-kdc.md +++ b/windows/client-management/mdm/policy-csp-admx-kdc.md @@ -89,7 +89,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication. If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. @@ -185,7 +185,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain. @@ -256,7 +256,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied. +Available in the latest Windows 10 Insider Preview Build. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s domain is not at Windows Server 2016 DFL or higher this policy will not be applied. This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension. @@ -331,7 +331,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to request compound authentication. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to request compound authentication. > [!NOTE] > For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled. @@ -403,7 +403,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log. If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. @@ -472,7 +472,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the domain controller provides information about previous logons to client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the domain controller provides information about previous logons to client computers. If you enable this policy setting, the domain controller provides the information message about previous logons. diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md index ddaddd01f1..bf08d08f1b 100644 --- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md +++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the SMB server. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prioritized in the order specified. @@ -172,7 +172,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed. Policy configuration @@ -255,7 +255,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. @@ -338,7 +338,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client. If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences. diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md index d4f25831ab..f36c218e89 100644 --- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md +++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md @@ -77,7 +77,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Mapper I/O network protocol driver. +Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis. @@ -148,7 +148,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Responder network protocol driver. +Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis. diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md index a86907a534..e51d3bfcb5 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmc.md +++ b/windows/client-management/mdm/policy-csp-admx-mmc.md @@ -86,7 +86,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. @@ -165,7 +165,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. @@ -244,7 +244,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited. @@ -323,7 +323,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from entering author mode. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from entering author mode. This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default. @@ -396,7 +396,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. - If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md index cdd93c1d97..2190dbabeb 100644 --- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md +++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md @@ -383,7 +383,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -460,7 +460,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -538,7 +538,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -616,7 +616,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -694,7 +694,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -772,7 +772,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -850,7 +850,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -928,7 +928,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1006,7 +1006,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1084,7 +1084,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1162,7 +1162,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1240,7 +1240,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1317,7 +1317,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1394,7 +1394,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1471,7 +1471,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1548,7 +1548,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1625,7 +1625,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1702,7 +1702,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1779,7 +1779,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1856,7 +1856,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -1933,7 +1933,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2010,7 +2010,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2087,7 +2087,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2164,7 +2164,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2241,7 +2241,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2318,7 +2318,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2395,7 +2395,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2472,7 +2472,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2549,7 +2549,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2627,7 +2627,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2704,7 +2704,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2781,7 +2781,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2858,7 +2858,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -2935,7 +2935,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3012,7 +3012,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3089,7 +3089,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3166,7 +3166,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3243,7 +3243,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins. @@ -3322,7 +3322,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3399,7 +3399,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3476,7 +3476,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3553,7 +3553,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3630,7 +3630,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3707,7 +3707,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3784,7 +3784,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3861,7 +3861,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -3938,7 +3938,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4015,7 +4015,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4092,7 +4092,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4169,7 +4169,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4246,7 +4246,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4323,7 +4323,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4400,7 +4400,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4477,7 +4477,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4554,7 +4554,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4631,7 +4631,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4708,7 +4708,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4785,7 +4785,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4862,7 +4862,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -4939,7 +4939,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5016,7 +5016,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5093,7 +5093,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5170,7 +5170,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5247,7 +5247,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5324,7 +5324,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5401,7 +5401,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5478,7 +5478,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5555,7 +5555,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5632,7 +5632,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5709,7 +5709,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5786,7 +5786,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5863,7 +5863,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -5940,7 +5940,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6017,7 +6017,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6094,7 +6094,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6171,7 +6171,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6248,7 +6248,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6325,7 +6325,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6402,7 +6402,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6479,7 +6479,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6556,7 +6556,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6633,7 +6633,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6710,7 +6710,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6787,7 +6787,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6864,7 +6864,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -6941,7 +6941,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7018,7 +7018,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7095,7 +7095,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7172,7 +7172,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7249,7 +7249,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7326,7 +7326,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7403,7 +7403,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7480,7 +7480,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7557,7 +7557,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7634,7 +7634,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7711,7 +7711,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7788,7 +7788,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7865,7 +7865,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -7942,7 +7942,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8019,7 +8019,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8096,7 +8096,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8173,7 +8173,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8250,7 +8250,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8327,7 +8327,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. @@ -8404,7 +8404,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md index e8c35ac22e..7a9e6a5a84 100644 --- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md +++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires. diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md index 840af17067..da9eca2118 100644 --- a/windows/client-management/mdm/policy-csp-admx-nca.md +++ b/windows/client-management/mdm/policy-csp-admx-nca.md @@ -95,7 +95,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: @@ -174,7 +174,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. > [!TIP] @@ -239,7 +239,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. @@ -310,7 +310,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation. If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”. @@ -377,7 +377,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon. If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names. @@ -453,7 +453,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether NCA service runs in Passive Mode or not. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not. Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default. @@ -519,7 +519,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. @@ -588,7 +588,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message. diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md index 3e575f3fdf..68f54caf09 100644 --- a/windows/client-management/mdm/policy-csp-admx-ncsi.md +++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md @@ -92,7 +92,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. > [!TIP] @@ -157,7 +157,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. > [!TIP] @@ -222,7 +222,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. > [!TIP] @@ -287,7 +287,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed. > [!TIP] @@ -355,7 +355,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. > [!TIP] @@ -420,7 +420,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface. > [!TIP] @@ -485,7 +485,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior. +Available in the latest Windows 10 Insider Preview Build. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 782b57ba8c..a01bbd5c4d 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -176,7 +176,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client. @@ -253,7 +253,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior. @@ -328,7 +328,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled. @@ -401,7 +401,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows. By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller. @@ -476,7 +476,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names. By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. @@ -551,7 +551,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists. @@ -624,7 +624,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended. @@ -700,7 +700,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. Contacting the PDC emulator is useful in case the client’s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. @@ -775,7 +775,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. The default value for this setting is 10 minutes (10*60). @@ -853,7 +853,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC. For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached. @@ -933,7 +933,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used. The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. @@ -1005,7 +1005,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). +Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0). > [!TIP] @@ -1072,7 +1072,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the level of debug output for the Net Logon service. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the level of debug output for the Net Logon service. The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged. @@ -1147,7 +1147,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied. @@ -1246,7 +1246,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update. DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records’ data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database. @@ -1322,7 +1322,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records. If enabled, domain controllers will lowercase their DNS host name when registering domain controller SRV records. A best-effort attempt will be made to delete any previously registered SRV records that contain mixed-case DNS host names. For more information and potential manual cleanup procedures, see the link below. @@ -1398,7 +1398,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC). +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC). To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes). @@ -1468,7 +1468,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network. To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute). @@ -1539,7 +1539,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries. @@ -1614,7 +1614,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory. @@ -1687,7 +1687,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). > [!NOTE] > To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. @@ -1763,7 +1763,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed. @@ -1836,7 +1836,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. @@ -1909,7 +1909,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled. By default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified. @@ -1980,7 +1980,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2053,7 +2053,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0. @@ -2125,7 +2125,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. @@ -2203,7 +2203,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0). @@ -2272,7 +2272,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC). +Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC). When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version. @@ -2350,7 +2350,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the interval at which Netlogon performs the following scavenging operations: +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval at which Netlogon performs the following scavenging operations: - Checks if a password on a secure channel needs to be modified, and modifies it if necessary. @@ -2427,7 +2427,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2500,7 +2500,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Active Directory site to which computers belong. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. @@ -2573,7 +2573,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission. @@ -2651,7 +2651,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively. The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. @@ -2726,7 +2726,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md index abd5e758fc..1a170d2024 100644 --- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md +++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md @@ -209,7 +209,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting makes subfolders available offline whenever their parent folder is made available offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders. @@ -280,7 +280,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -354,7 +354,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -428,7 +428,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting. If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a regular basis. @@ -499,7 +499,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share. +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share. This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it. @@ -580,7 +580,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -664,7 +664,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -748,7 +748,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. +Available in the latest Windows 10 Insider Preview Build. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -828,7 +828,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network. +Available in the latest Windows 10 Insider Preview Build.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network. If you enable this policy setting, Offline Files is enabled and users cannot disable it. @@ -902,7 +902,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are encrypted. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions. @@ -979,7 +979,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines which events the Offline Files feature records in the event log. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record. @@ -1059,7 +1059,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines which events the Offline Files feature records in the event log. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record. @@ -1139,7 +1139,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline. If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline. @@ -1208,7 +1208,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Lists types of files that cannot be used offline. +Available in the latest Windows 10 Insider Preview Build. Lists types of files that cannot be used offline. This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." @@ -1282,7 +1282,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -1366,7 +1366,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files. This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -1450,7 +1450,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Offline Files folder. +Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. @@ -1524,7 +1524,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Offline Files folder. +Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location. @@ -1598,7 +1598,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. @@ -1672,7 +1672,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. @@ -1746,7 +1746,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from making network files and folders available offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. @@ -1819,7 +1819,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from making network files and folders available offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching. @@ -1892,7 +1892,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -1969,7 +1969,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command. If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank. @@ -2046,7 +2046,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Hides or displays reminder balloons, and prevents users from changing the setting. +Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. @@ -2126,7 +2126,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Hides or displays reminder balloons, and prevents users from changing the setting. +Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed. @@ -2206,7 +2206,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links. The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads. @@ -2279,7 +2279,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting makes subfolders available offline whenever their parent folder is made available offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders. @@ -2350,7 +2350,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting deletes local copies of the user's offline files when the user logs off. +Available in the latest Windows 10 Insider Preview Build. This policy setting deletes local copies of the user's offline files when the user logs off. This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files. @@ -2422,7 +2422,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to turn on economical application of administratively assigned Offline Files. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on economical application of administratively assigned Offline Files. If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later. @@ -2491,7 +2491,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how often reminder balloon updates appear. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. @@ -2565,7 +2565,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how often reminder balloon updates appear. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting. @@ -2639,7 +2639,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the first reminder balloon for a network status change is displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. @@ -2708,7 +2708,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the first reminder balloon for a network status change is displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. @@ -2777,7 +2777,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long updated reminder balloons are displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. @@ -2846,7 +2846,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long updated reminder balloons are displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. @@ -2915,7 +2915,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter. @@ -2994,7 +2994,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow. When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected. @@ -3068,7 +3068,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log off. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3146,7 +3146,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log off. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3224,7 +3224,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log on. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3304,7 +3304,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log on. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it. @@ -3382,7 +3382,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized before a computer is suspended. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended. If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. @@ -3454,7 +3454,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized before a computer is suspended. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended. If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version. @@ -3526,7 +3526,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans. If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans. @@ -3595,7 +3595,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. @@ -3664,7 +3664,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. +Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode. If you enable this policy setting, the "Work offline" command is not displayed in File Explorer. diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md index 426fcbe069..54b15aabfb 100644 --- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md +++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md @@ -97,7 +97,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: - Set BranchCache Distributed Cache mode - Set BranchCache Hosted Cache mode @@ -177,7 +177,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office. @@ -255,7 +255,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers. When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office. @@ -339,7 +339,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies. If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy. @@ -426,7 +426,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office. If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. @@ -509,7 +509,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. +Available in the latest Windows 10 Insider Preview Build. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers. Policy configuration @@ -586,7 +586,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers. If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache. @@ -670,7 +670,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers. If you enable this policy setting, you can configure the age for segments in the data cache. @@ -751,7 +751,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats. If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md index f02fb046cc..fe3507834c 100644 --- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md +++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the execution level for Windows Boot Performance Diagnostics. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Boot Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. @@ -160,7 +160,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Determines the execution level for Windows Standby/Resume Performance Diagnostics. +Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. @@ -237,7 +237,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. @@ -314,7 +314,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Determines the execution level for Windows Standby/Resume Performance Diagnostics. +Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available. diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md new file mode 100644 index 0000000000..c8d950a87f --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-power.md @@ -0,0 +1,1882 @@ +--- +title: Policy CSP - ADMX_Power +description: Policy CSP - ADMX_Power +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/22/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Power +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Power policies + +
+
+ ADMX_Power/ACConnectivityInStandby_2 +
+
+ ADMX_Power/ACCriticalSleepTransitionsDisable_2 +
+
+ ADMX_Power/ACStartMenuButtonAction_2 +
+
+ ADMX_Power/AllowSystemPowerRequestAC +
+
+ ADMX_Power/AllowSystemPowerRequestDC +
+
+ ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC +
+
+ ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC +
+
+ ADMX_Power/CustomActiveSchemeOverride_2 +
+
+ ADMX_Power/DCBatteryDischargeAction0_2 +
+
+ ADMX_Power/DCBatteryDischargeAction1_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel0_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel1UINotification_2 +
+
+ ADMX_Power/DCBatteryDischargeLevel1_2 +
+
+ ADMX_Power/DCConnectivityInStandby_2 +
+
+ ADMX_Power/DCCriticalSleepTransitionsDisable_2 +
+
+ ADMX_Power/DCStartMenuButtonAction_2 +
+
+ ADMX_Power/DiskACPowerDownTimeOut_2 +
+
+ ADMX_Power/DiskDCPowerDownTimeOut_2 +
+
+ ADMX_Power/Dont_PowerOff_AfterShutdown +
+
+ ADMX_Power/EnableDesktopSlideShowAC +
+
+ ADMX_Power/EnableDesktopSlideShowDC +
+
+ ADMX_Power/InboxActiveSchemeOverride_2 +
+
+ ADMX_Power/PW_PromptPasswordOnResume +
+
+ ADMX_Power/PowerThrottlingTurnOff +
+
+ ADMX_Power/ReserveBatteryNotificationLevel +
+
+ + +
+ + +**ADMX_Power/ACConnectivityInStandby_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. + +If you enable this policy setting, network connectivity will be maintained in standby. + +If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. + +If you do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow network connectivity during connected-standby (plugged in)* +- GP name: *ACConnectivityInStandby_2* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/ACCriticalSleepTransitionsDisable_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. + +If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on the ability for applications to prevent sleep transitions (plugged in)* +- GP name: *ACCriticalSleepTransitionsDisable_2* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/ACStartMenuButtonAction_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. + +If you enable this policy setting, select one of the following actions: + +- Sleep +- Hibernate +- Shut down + +If you disable this policy or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Select the Start menu Power button action (plugged in)* +- GP name: *ACStartMenuButtonAction_2* +- GP path: *System\Power Management\Button Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/AllowSystemPowerRequestAC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep. + +If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. + +If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow applications to prevent automatic sleep (plugged in)* +- GP name: *AllowSystemPowerRequestAC* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/AllowSystemPowerRequestDC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows applications and services to prevent automatic sleep. + +If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity. + +If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow applications to prevent automatic sleep (on battery)* +- GP name: *AllowSystemPowerRequestDC* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files. + +If you enable this policy setting, the computer automatically sleeps when network files are open. + +If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow automatic sleep with Open Network Files (plugged in)* +- GP name: *AllowSystemSleepWithRemoteFilesOpenAC* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage automatic sleep with open network files. + +If you enable this policy setting, the computer automatically sleeps when network files are open. + +If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow automatic sleep with Open Network Files (on battery)* +- GP name: *AllowSystemSleepWithRemoteFilesOpenDC* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/CustomActiveSchemeOverride_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. + +If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active. + +If you disable or do not configure this policy setting, users can see and change this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify a custom active power plan* +- GP name: *CustomActiveSchemeOverride_2* +- GP path: *System\Power Management* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCBatteryDischargeAction0_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level. + +If you enable this policy setting, select one of the following actions: + +- Take no action +- Sleep +- Hibernate +- Shut down + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Critical battery notification action* +- GP name: *DCBatteryDischargeAction0_2* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCBatteryDischargeAction1_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. + +If you enable this policy setting, select one of the following actions: + +- Take no action +- Sleep +- Hibernate +- Shut down + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Low battery notification action* +- GP name: *DCBatteryDischargeAction1_2* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCBatteryDischargeLevel0_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action. + +If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification. + +To set the action that is triggered, see the "Critical Battery Notification Action" policy setting. + +If you disable this policy setting or do not configure it, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Critical battery notification level* +- GP name: *DCBatteryDischargeLevel0_2* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCBatteryDischargeLevel1UINotification_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level. + +If you enable this policy setting, Windows shows a notification when the battery capacity remaining equals the low battery notification level. + +To configure the low battery notification level, see the "Low Battery Notification Level" policy setting. + +The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action". + +If you disable or do not configure this policy setting, users can control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off low battery user notification* +- GP name: *DCBatteryDischargeLevel1UINotification_2* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCBatteryDischargeLevel1_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action. + +If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification. + +To set the action that is triggered, see the "Low Battery Notification Action" policy setting. + +If you disable this policy setting or do not configure it, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Low battery notification level* +- GP name: *DCBatteryDischargeLevel1_2* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCConnectivityInStandby_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. + +If you enable this policy setting, network connectivity will be maintained in standby. + +If you disable this policy setting, network connectivity in standby is not guaranteed. This connectivity restriction currently applies to WLAN networks only, and is subject to change. + +If you do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow network connectivity during connected-standby (on battery)* +- GP name: *DCConnectivityInStandby_2* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCCriticalSleepTransitionsDisable_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. + +If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate). + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on the ability for applications to prevent sleep transitions (on battery)* +- GP name: *DCCriticalSleepTransitionsDisable_2* +- GP path: *System\Power Management\Sleep Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DCStartMenuButtonAction_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. + +If you enable this policy setting, select one of the following actions: + +- Sleep +- Hibernate +- Shut down + +If you disable this policy or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Select the Start menu Power button action (on battery)* +- GP name: *DCStartMenuButtonAction_2* +- GP path: *System\Power Management\Button Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DiskACPowerDownTimeOut_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. + +If you disable or do not configure this policy setting, users can see and change this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn Off the hard disk (plugged in)* +- GP name: *DiskACPowerDownTimeOut_2* +- GP path: *System\Power Management\Hard Disk Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/DiskDCPowerDownTimeOut_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the period of inactivity before Windows turns off the hard disk. + +If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk. + +If you disable or do not configure this policy setting, users can see and change this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn Off the hard disk (on battery)* +- GP name: *DiskDCPowerDownTimeOut_2* +- GP path: *System\Power Management\Hard Disk Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/Dont_PowerOff_AfterShutdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. + +This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. + +Applications such as UPS software may rely on Windows shutdown behavior. + +This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown(). + +If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed. + +If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not turn off system power after a Windows system shutdown has occurred.* +- GP name: *Dont_PowerOff_AfterShutdown* +- GP path: *System* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/EnableDesktopSlideShowAC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow. + +If you enable this policy setting, desktop background slideshow is enabled. + +If you disable this policy setting, the desktop background slideshow is disabled. + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on desktop background slideshow (plugged in)* +- GP name: *EnableDesktopSlideShowAC* +- GP path: *System\Power Management\Video and Display Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/EnableDesktopSlideShowDC** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify if Windows should enable the desktop background slideshow. + +If you enable this policy setting, desktop background slideshow is enabled. + +If you disable this policy setting, the desktop background slideshow is disabled. + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on desktop background slideshow (on battery)* +- GP name: *EnableDesktopSlideShowDC* +- GP path: *System\Power Management\Video and Display Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/InboxActiveSchemeOverride_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting. + +If you enable this policy setting, specify a power plan from the Active Power Plan list. + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Select an active power plan* +- GP name: *InboxActiveSchemeOverride_2* +- GP path: *System\Power Management* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/PW_PromptPasswordOnResume** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state. + +If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state. + +If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prompt for password on resume from hibernate/suspend* +- GP name: *PW_PromptPasswordOnResume* +- GP path: *System\Power Management* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/PowerThrottlingTurnOff** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Power Throttling. + +If you enable this policy setting, Power Throttling will be turned off. + +If you disable or do not configure this policy setting, users control this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Power Throttling* +- GP name: *PowerThrottlingTurnOff* +- GP path: *System\Power Management\Power Throttling Settings* +- GP ADMX file name: *Power.admx* + + + +
+ + +**ADMX_Power/ReserveBatteryNotificationLevel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode. + +If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification. + +If you disable or do not configure this policy setting, users can see and change this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Reserve battery notification level* +- GP name: *ReserveBatteryNotificationLevel* +- GP path: *System\Power Management\Notification Settings* +- GP ADMX file name: *Power.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md index e466f85f86..5db45b394d 100644 --- a/windows/client-management/mdm/policy-csp-admx-reliability.md +++ b/windows/client-management/mdm/policy-csp-admx-reliability.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval. If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds. @@ -159,7 +159,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. If you enable this policy setting, error reporting includes unplanned shutdown events. @@ -234,7 +234,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. The system state data file contains information about the basic system state as well as the state of all running processes. @@ -312,7 +312,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. +Available in the latest Windows 10 Insider Preview Build. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer. If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md index 7f655514ef..1a7df80d7f 100644 --- a/windows/client-management/mdm/policy-csp-admx-scripts.md +++ b/windows/client-management/mdm/policy-csp-admx-scripts.md @@ -107,7 +107,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer. If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured. @@ -176,7 +176,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the system waits for scripts applied by Group Policy to run. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event. @@ -251,7 +251,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. @@ -343,7 +343,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. +Available in the latest Windows 10 Insider Preview Build. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000. @@ -416,7 +416,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in logoff scripts as they run. +Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logoff scripts as they run. Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script. @@ -487,7 +487,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. +Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. @@ -558,7 +558,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. +Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. @@ -629,7 +629,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in logon scripts as they run. +Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logon scripts as they run. Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts. @@ -700,7 +700,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in shutdown scripts as they run. +Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in shutdown scripts as they run. Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script. @@ -771,7 +771,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets the system run startup scripts simultaneously. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. @@ -845,7 +845,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in startup scripts as they run. +Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in startup scripts as they run. Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script. @@ -920,7 +920,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index ce4096ecc5..bc7b4bc48a 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -80,7 +80,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" +Available in the latest Windows 10 Insider Preview Build. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. @@ -149,7 +149,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers. If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. @@ -220,7 +220,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md index 3f963a77cb..5016dd12b2 100644 --- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md +++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md index c18852e5ea..c2738859de 100644 --- a/windows/client-management/mdm/policy-csp-admx-servicing.md +++ b/windows/client-management/mdm/policy-csp-admx-servicing.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when each path is separated by a semicolon. diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md index 7b7f7b195c..365e67295a 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md +++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md @@ -76,7 +76,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS . @@ -149,7 +149,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS. diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md index a293d2b013..92d7458cc6 100644 --- a/windows/client-management/mdm/policy-csp-admx-sharing.md +++ b/windows/client-management/mdm/policy-csp-admx-sharing.md @@ -73,7 +73,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile. If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders. diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md index e8df85ad6d..70b33efe0d 100644 --- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md +++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. @@ -155,7 +155,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Disables the Windows registry editor Regedit.exe. +Available in the latest Windows 10 Insider Preview Build. Disables the Windows registry editor Regedit.exe. If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. @@ -227,7 +227,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows from running the programs you specify in this policy setting. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows from running the programs you specify in this policy setting. If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications. @@ -302,7 +302,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Limits the Windows programs that users have permission to run on the computer. +Available in the latest Windows 10 Insider Preview Build. Limits the Windows programs that users have permission to run on the computer. If you enable this policy setting, users can only run programs that you add to the list of allowed applications. diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 76452c2119..67c2a2ea26 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -119,7 +119,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. @@ -194,7 +194,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI). +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI). In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature. @@ -265,7 +265,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. @@ -334,7 +334,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. +Available in the latest Windows 10 Insider Preview Build. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. @@ -405,7 +405,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card. @@ -474,7 +474,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff. > [!TIP] @@ -539,7 +539,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. @@ -611,7 +611,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents plaintext PINs from being returned by Credential Manager. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. @@ -683,7 +683,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. @@ -755,7 +755,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you configure if all your valid logon certificates are displayed. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure if all your valid logon certificates are displayed. During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). @@ -831,7 +831,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the reading of all certificates from the smart card for logon. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the reading of all certificates from the smart card for logon. During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior. @@ -902,7 +902,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the displayed message when a smart card is blocked. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the displayed message when a smart card is blocked. If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. @@ -974,7 +974,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. @@ -1045,7 +1045,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether Smart Card Plug and Play is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. @@ -1117,7 +1117,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed. @@ -1189,7 +1189,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user. +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user. If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed. diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 2a83f8346c..4cdc53625c 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -80,7 +80,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events. @@ -161,7 +161,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. @@ -241,7 +241,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md index 8e49043225..41c38ffa9f 100644 --- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md +++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. Allows you to disable System Restore configuration through System Protection. +Available in the latest Windows 10 Insider Preview Build. Allows you to disable System Restore configuration through System Protection. This policy setting allows you to turn off System Restore configuration through System Protection. diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index b43d4d2011..403e0686e1 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -110,7 +110,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host. If you enable this policy setting, you can specify a relay name for a 6to4 host. @@ -179,7 +179,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host. If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically. @@ -248,7 +248,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. If you disable or do not configure this policy setting, the local host setting is used. @@ -323,7 +323,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. If you disable or do not configure this policy setting, the local host settings are used. @@ -398,7 +398,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP Stateless Autoconfiguration Limits. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP Stateless Autoconfiguration Limits. If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes. @@ -467,7 +467,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required. @@ -536,7 +536,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. If you disable or do not configure this policy setting, the local host setting is used. @@ -611,7 +611,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize. If you enable this policy setting, you can customize a UDP port for the Teredo client. @@ -680,7 +680,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state. If you disable or do not configure this policy setting, the local host setting is used. @@ -751,7 +751,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the Teredo refresh rate. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the Teredo refresh rate. > [!NOTE] > On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device. @@ -823,7 +823,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied. If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client. @@ -892,7 +892,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. If you disable or do not configure this policy setting, the local host settings are used. @@ -969,7 +969,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly. If you do not configure this policy setting, the local host settings are used. diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 69fd52c66e..9aabebdc8b 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -79,7 +79,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. File Explorer displays thumbnail images by default. @@ -150,7 +150,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. File Explorer displays thumbnail images on network folders by default. @@ -221,7 +221,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files. +Available in the latest Windows 10 Insider Preview Build. Turns off the caching of thumbnails in hidden thumbs.db files. This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files. diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index aeec40aa7f..da8e499dae 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -101,7 +101,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows. If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section. @@ -170,7 +170,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state. > [!TIP] @@ -235,7 +235,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands. If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list. @@ -306,7 +306,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands. If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list. @@ -377,7 +377,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password. You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none. @@ -455,7 +455,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows. +Available in the latest Windows 10 Insider Preview Build. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows. > [!TIP] @@ -520,7 +520,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM. This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. @@ -601,7 +601,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. @@ -684,7 +684,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. @@ -767,7 +767,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index d967a2db8e..b82218ed41 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -450,7 +450,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Calculator. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Calculator. By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers. @@ -524,7 +524,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location. @@ -603,7 +603,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. @@ -677,7 +677,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. @@ -748,7 +748,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the URL for the Contact IT link in the Company Settings Center. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the URL for the Contact IT link in the Company Settings Center. If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. @@ -819,7 +819,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. @@ -896,7 +896,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates. If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization. @@ -967,7 +967,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled. @@ -1035,7 +1035,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers. If you enable this policy setting, Finance user settings continue to sync. @@ -1106,7 +1106,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers. With this setting enabled, the notification appears the first time that the UE-V Agent runs. @@ -1178,7 +1178,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers. If you enable this policy setting, Games user settings continue to sync. @@ -1250,7 +1250,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Internet Explorer 8. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 8. By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. @@ -1324,7 +1324,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers. If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. @@ -1396,7 +1396,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers. If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. @@ -1468,7 +1468,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers. If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize. @@ -1540,7 +1540,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer. By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers. If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize. @@ -1612,7 +1612,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers. If you enable this policy setting, Maps user settings continue to sync. @@ -1684,7 +1684,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. @@ -1754,7 +1754,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. @@ -1826,7 +1826,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize. @@ -1898,7 +1898,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize. @@ -1969,7 +1969,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers. If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. @@ -2041,7 +2041,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize. @@ -2113,7 +2113,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers. If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. @@ -2184,7 +2184,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers. If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. @@ -2256,7 +2256,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers. If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. @@ -2328,7 +2328,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers. If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. @@ -2399,7 +2399,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers. If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. @@ -2471,7 +2471,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize. @@ -2543,7 +2543,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers. If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize. @@ -2615,7 +2615,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers. If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize. @@ -2687,7 +2687,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers. If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize. @@ -2759,7 +2759,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers. If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. @@ -2830,7 +2830,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings. If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. @@ -2902,7 +2902,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize. @@ -2974,7 +2974,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. @@ -3047,7 +3047,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2013. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2013. By default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers. @@ -3120,7 +3120,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings. If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. @@ -3191,7 +3191,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers. If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. @@ -3263,7 +3263,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings. If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. @@ -3335,7 +3335,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers. If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize. @@ -3406,7 +3406,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings. If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. @@ -3478,7 +3478,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers. If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. @@ -3550,7 +3550,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers. If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. @@ -3622,7 +3622,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings. If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. @@ -3694,7 +3694,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers. If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. @@ -3765,7 +3765,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings. If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. @@ -3837,7 +3837,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers. If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. @@ -3909,7 +3909,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings. If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. @@ -3981,7 +3981,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers. If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. @@ -4052,7 +4052,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings. If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. @@ -4124,7 +4124,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers. If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. @@ -4196,7 +4196,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings. If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. @@ -4268,7 +4268,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize. @@ -4339,7 +4339,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings. If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up. @@ -4410,7 +4410,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers. If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize. @@ -4482,7 +4482,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers. If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize. @@ -4554,7 +4554,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings. If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. @@ -4626,7 +4626,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers. If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize. @@ -4698,7 +4698,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings. If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. @@ -4770,7 +4770,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers. If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. @@ -4842,7 +4842,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings. If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. @@ -4914,7 +4914,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize. @@ -4986,7 +4986,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. @@ -5059,7 +5059,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers. If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize. @@ -5131,7 +5131,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings. If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. @@ -5203,7 +5203,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers. If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize. @@ -5275,7 +5275,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings. If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. @@ -5347,7 +5347,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers. If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. @@ -5419,7 +5419,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers. If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. @@ -5491,7 +5491,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings. If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. @@ -5563,7 +5563,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers. If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. @@ -5635,7 +5635,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings. If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. @@ -5707,7 +5707,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers. If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. @@ -5779,7 +5779,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings. If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. @@ -5851,7 +5851,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2016. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Project 2016. By default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers. If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. @@ -5924,7 +5924,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings. If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. @@ -5995,7 +5995,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers. If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. @@ -6067,7 +6067,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings. If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. @@ -6138,7 +6138,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers. If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize. @@ -6210,7 +6210,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers. If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize. @@ -6282,7 +6282,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings. If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. @@ -6354,7 +6354,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers. If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize. @@ -6426,7 +6426,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings. If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. @@ -6498,7 +6498,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. @@ -6570,7 +6570,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. @@ -6642,7 +6642,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V. @@ -6713,7 +6713,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V. @@ -6785,7 +6785,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. @@ -6857,7 +6857,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. @@ -6929,7 +6929,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. @@ -7000,7 +7000,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. @@ -7072,7 +7072,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. @@ -7144,7 +7144,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. @@ -7216,7 +7216,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. @@ -7288,7 +7288,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. @@ -7360,7 +7360,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. @@ -7432,7 +7432,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. @@ -7504,7 +7504,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. @@ -7576,7 +7576,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. @@ -7647,7 +7647,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. @@ -7719,7 +7719,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. @@ -7791,7 +7791,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. @@ -7863,7 +7863,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V. @@ -7935,7 +7935,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. @@ -8007,7 +8007,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. @@ -8079,7 +8079,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. @@ -8151,7 +8151,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. @@ -8223,7 +8223,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers. If you enable this policy setting, Music user settings continue to sync. @@ -8294,7 +8294,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers. If you enable this policy setting, News user settings continue to sync. @@ -8366,7 +8366,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers. If you enable this policy setting, the Notepad user settings continue to synchronize. @@ -8438,7 +8438,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers. If you enable this policy setting, Reader user settings continue to sync. @@ -8511,7 +8511,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. @@ -8581,7 +8581,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures where the settings package files that contain user settings are stored. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures where the settings package files that contain user settings are stored. If you enable this policy setting, the user settings are stored in the specified location. @@ -8651,7 +8651,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent. If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. @@ -8727,7 +8727,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers. If you enable this policy setting, Sports user settings continue to sync. @@ -8799,7 +8799,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier. > [!TIP] @@ -8864,7 +8864,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection. @@ -8936,7 +8936,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. @@ -9008,7 +9008,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization. If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages. @@ -9079,7 +9079,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List. With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized. @@ -9151,7 +9151,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers. If you enable this policy setting, Travel user settings continue to sync. @@ -9222,7 +9222,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. @@ -9292,7 +9292,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers. If you enable this policy setting, Video user settings continue to sync. @@ -9364,7 +9364,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers. If you enable this policy setting, Weather user settings continue to sync. @@ -9435,7 +9435,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers. If you enable this policy setting, the WordPad user settings continue to synchronize. diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index a9b6715a43..0afeb2cfc3 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -83,7 +83,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs. If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values. @@ -228,7 +228,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a set of parameters for controlling the Windows NTP Client. If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. @@ -318,7 +318,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider. @@ -389,7 +389,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Windows NTP Server is enabled. If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers. diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index bceaf394ed..d5aba0a18f 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -77,7 +77,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. +Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. If you enable this setting, Windows Calendar will be turned off. @@ -150,7 +150,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. +Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. If you enable this setting, Windows Calendar will be turned off. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index 8b06f92864..c0b49d9fae 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -75,7 +75,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators. +Available in the latest Windows 10 Insider Preview Build. By default, Add features to Windows 10 is available for all administrators. If you enable this policy setting, the wizard will not run. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 80b7d947fa..bec9255c05 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -80,7 +80,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. +Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. @@ -149,7 +149,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. +Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. @@ -218,7 +218,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives. Additional options are available to allow discovery and configuration over a specific medium. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md index d9845c8533..0fa4658ba7 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -74,7 +74,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 69a27c1fef..22acf9fa38 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -134,7 +134,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player. If you enable this policy setting, select one of the following proxy types: @@ -215,7 +215,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the MMS proxy settings for Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the MMS proxy settings for Windows Media Player. If you enable this policy setting, select one of the following proxy types: @@ -295,7 +295,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player. If you enable this policy setting, select one of the following proxy types: @@ -373,7 +373,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to turn off do not show first use dialog boxes. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off do not show first use dialog boxes. If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player. @@ -444,7 +444,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Network tab. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Network tab. If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player. @@ -513,7 +513,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode. If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. @@ -584,7 +584,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode. +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode. This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. @@ -655,7 +655,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent video smoothing from occurring. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent video smoothing from occurring. If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available. @@ -728,7 +728,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows a screen saver to interrupt playback. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows a screen saver to interrupt playback. If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available. @@ -799,7 +799,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Privacy tab in Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Privacy tab in Windows Media Player. If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled. @@ -870,7 +870,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Security tab in Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Security tab in Windows Media Player. If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies. @@ -939,7 +939,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played. @@ -1013,7 +1013,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent Windows Media Player from downloading codecs. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows Media Player from downloading codecs. If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available. @@ -1084,7 +1084,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available. @@ -1153,7 +1153,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media sharing from Windows Media Player. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media sharing from Windows Media Player. If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature. @@ -1222,7 +1222,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for music files from being retrieved from the Internet. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for music files from being retrieved from the Internet. If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available. @@ -1291,7 +1291,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar. @@ -1359,7 +1359,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent radio station presets from being retrieved from the Internet. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent radio station presets from being retrieved from the Internet. If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed. @@ -1428,7 +1428,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. If you enable this policy setting, users cannot add the Player shortcut icon to their desktops. @@ -1497,7 +1497,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin. If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab. @@ -1570,7 +1570,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services. If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index dbbecca9d5..9e17ae7971 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -80,7 +80,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system. If you enable this policy setting, the system does not create the named pipe remote shutdown interface. @@ -149,7 +149,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled. @@ -218,7 +218,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown. If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified. diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md index 9721578892..9fe2ca8cc1 100644 --- a/windows/privacy/manage-windows-1909-endpoints.md +++ b/windows/privacy/manage-windows-1909-endpoints.md @@ -73,7 +73,6 @@ The following methodology was used to derive these network endpoints: ||The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data.|TLS v1.2|inference.location.live.net| |Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)| ||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTP|*maps.windows.com| -|| The following endpoints are used to check for updates to maps that have been downloaded for offline use.|HTTP|fs.microsoft.com*| |Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)| ||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLS v1.2|*login.live.com| |Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)| diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 1998bdf279..a27324310a 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -21,7 +21,8 @@ "files": [ "**/*.png", "**/*.jpg", - "**/*.gif" + "**/*.gif", + "**/*.svg" ], "exclude": [ "**/obj/**", diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index e4e7af1253..b1fda98d52 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 09/09/2019 +ms.date: 12/22/2020 ms.reviewer: --- @@ -45,37 +45,34 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se 1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant. 2. After you have logged in, choose **Accept** to give consent for the PIN reset service to access your account. -![PIN reset service application in Azure](images/pinreset/pin-reset-service-prompt.png) + ![PIN reset service application in Azure](images/pinreset/pin-reset-service-prompt.png) 3. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant. 4. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account. - + ![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png) > [!NOTE] > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant. - -![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png) - 5. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant. -![PIN reset service permissions page](images/pinreset/pin-reset-applications.png) + ![PIN reset service permissions page](images/pinreset/pin-reset-applications.png) ### Configure Windows devices to use PIN reset using Group Policy You configure Windows 10 to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object. 1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory. -2. Edit the Group Policy object from step 1. -3. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration->Administrative Templates->Windows Components->Windows Hello for Business**. +2. Edit the Group Policy object from Step 1. +3. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**. 4. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC. #### Create a PIN Reset Device configuration profile using Microsoft Intune -1. Sign-in to [Enpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account. -2. Click **Endpoint Security**-> **Account Protection**-> **Properties**. +1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account. +2. Click **Endpoint Security** > **Account Protection** > **Properties**. 3. Set **Enable PIN recovery** to **Yes**. > [!NOTE] > You can also setup PIN recovery using configuration profiles. > 1. Sign in to Endpoint Manager. -> 2. Click **Devices** -> **Configuration Profiles** -> Create a new profile or edit an existing profile using the Identity Protection profile type. +> 2. Click **Devices** > **Configuration Profiles** > Create a new profile or edit an existing profile using the Identity Protection profile type. > 3. Set **Enable PIN recovery** to **Yes**. #### Assign the PIN Reset Device configuration profile using Microsoft Intune diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-home-screen.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-home-screen.png new file mode 100644 index 0000000000..fce622e7f7 Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-home-screen.png differ diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-option.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-option.png new file mode 100644 index 0000000000..7415de9616 Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-option.png differ diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-application.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-application.png new file mode 100644 index 0000000000..970e9f8109 Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-application.png differ diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-home-screen.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-home-screen.png new file mode 100644 index 0000000000..9903a59bf5 Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-home-screen.png differ diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md index c2499cf092..efaf6664a9 100644 --- a/windows/security/includes/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- ->[!NOTE] +>[!TIP] >For better performance, you can use server closer to your geo location: > - api-us.securitycenter.microsoft.com > - api-eu.securitycenter.microsoft.com diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md new file mode 100644 index 0000000000..4fe2a734da --- /dev/null +++ b/windows/security/includes/microsoft-defender-api-usgov.md @@ -0,0 +1,20 @@ +--- +title: Microsoft Defender for Endpoint API URIs for US Government +description: Microsoft Defender for Endpoint API URIs for US Government +keywords: defender, endpoint, api, government, gov +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +>[!NOTE] +>If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government GCC High customers](../threat-protection/microsoft-defender-atp/gov.md#api). diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 5c7b1190b1..b69e88d45f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -1,6 +1,6 @@ --- -title: BitLocker How to enable Network Unlock (Windows 10) -description: This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. +title: BitLocker - How to enable Network Unlock (Windows 10) +description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it. ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9 ms.reviewer: ms.prod: w10 @@ -23,178 +23,168 @@ ms.custom: bitlocker **Applies to** - Windows 10 -This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. +This article for IT professionals describes how BitLocker Network Unlock works and how to configure it. -Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. -Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers. +Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock helps you manage BitLocker-enabled desktops and servers in a domain environment by automatically unlocking operating system volumes when the system is rebooted and is connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. -Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session. +Without Network Unlock, operating system volumes that use TPM+PIN protectors require a PIN when a computer reboots or resumes after hibernation (for example, by Wake on LAN). For enterprises, this setup can make software patches difficult to roll out to unattended desktops and remotely administered servers. -This topic contains: - -- [Network Unlock core requirements](#bkmk-nunlockcorereqs) -- [Network Unlock sequence](#bkmk-networkunlockseq) -- [Configure Network Unlock](#bkmk-configuringnetworkunlock) -- [Create the certificate template for Network Unlock](#bkmk-createcerttmpl) -- [Turning off Network Unlock](#bkmk-turnoffnetworkunlock) -- [Update Network Unlock certificates](#bkmk-updatecerts) -- [Troubleshoot Network Unlock](#bkmk-troubleshoot) -- [Configure Network Unlock on unsupported systems](#bkmk-unsupportedsystems) +Network Unlock allows BitLocker-enabled systems that use TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works like the TPM+StartupKey at boot. But the StartupKey doesn't need to be read from USB media. Instead, the key for Network Unlock is composed from a key that's stored in the TPM and an encrypted network key that's sent to the server. It's decrypted and returned to the client in a secure session. ## Network Unlock core requirements -Network Unlock must meet mandatory hardware and software requirements before the feature can automatically unlock domain joined systems. These requirements include: +Network Unlock requires the following mandatory hardware and software configurations before it can automatically unlock domain-joined systems: - You must be running at least Windows 8 or Windows Server 2012. -- Any supported operating system with UEFI DHCP drivers can be Network Unlock clients. -- Network Unlock clients must have a TPM chip and at least one TPM protector. -- A server running the Windows Deployment Services (WDS) role on any supported server operating system. -- BitLocker Network Unlock optional feature installed on any supported server operating system. -- A DHCP server, separate from the WDS server. -- Properly configured public/private key pairing. -- Network Unlock Group Policy settings configured. +- Any supported operating system that uses UEFI DHCP drivers can be a Network Unlock client. +- Network Unlock clients must have a TPM (trusted platform module) chip and at least one TPM protector. +- You must have a server running the Windows Deployment Services (WDS) role on any supported server operating system. +- The BitLocker Network Unlock optional feature can be installed on any supported server operating system. +- You must have a DHCP server, separate from the WDS server. +- You must have a properly configured public/private key pairing. +- Network Unlock Group Policy settings must be configured. -The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus, so you need to confirm that the network stack has been enabled in the BIOS before starting the computer. +The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus. So confirm that the network stack has been enabled in the BIOS before you start the computer. > [!NOTE] -> To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. +> To properly support DHCP within UEFI, the UEFI-based system should be in native mode and shouldn't have a compatibility support module (CSM) enabled. -For Network Unlock to work reliably on computers running Windows 8 and later, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock will fail. +On computers that run Windows 8 and later, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP. This adapter must be used for Network Unlock. + +Use this configuration especially when you have multiple adapters and you want to configure one without DHCP, such as for a lights-out management protocol. The configuration is necessary because Network Unlock stops enumerating adapters when it reaches an adapter that has a DHCP port that has failed for any reason. So if the first enumerated adapter doesn't support DHCP, isn't plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock will fail. -The Network Unlock server component installs on supported versions of Windows Server 2012 and later as a Windows feature using Server Manager or Windows PowerShell cmdlets. The feature name is BitLocker Network Unlock in Server Manager and BitLocker-NetworkUnlock in Windows PowerShell. This feature is a core requirement. +On supported versions of Windows Server 2012 and later, the Network Unlock server component installs as a Windows feature. It uses Server Manager or Windows PowerShell cmdlets. In Server Manager, the feature name is BitLocker Network Unlock. In Windows PowerShell, the feature name is BitLocker-NetworkUnlock. This feature is a core requirement. -Network Unlock requires Windows Deployment Services (WDS) in the environment where the feature will be utilized. Configuration of the WDS installation is not required; however, the WDS service needs to be running on the server. +Network Unlock requires WDS in the environment where the feature will be used. Configuration of the WDS installation isn't required. But the WDS service must be running on the server. -The network key is stored on the system drive along with an AES 256 session key, and encrypted with the 2048-bit RSA public key of the unlock server's certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server running WDS, and returned encrypted with its corresponding session key. +The network key is stored on the system drive along with an AES 256 session key. It's encrypted with the 2048-bit RSA public key of the unlock server's certificate. The network key is decrypted with the help of a provider on a supported version of Windows Server that's running WDS. The network key is returned encrypted with its corresponding session key. ## Network Unlock sequence -The unlock sequence starts on the client side, when the Windows boot manager detects the existence of Network Unlock protector. It leverages the DHCP driver in UEFI to obtain an IP address for IPv4 and then broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described above. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. +The unlock sequence starts on the client side, when the Windows boot manager detects the existence of the Network Unlock protector. It uses the DHCP driver in UEFI to get an IP address for IPv4. Then it broadcasts a vendor-specific DHCP request that contains the network key and a session key for the reply, all encrypted by the server's Network Unlock certificate, as described earlier. The Network Unlock provider on the supported WDS server recognizes the vendor-specific request, decrypts it with the RSA private key, and returns the network key encrypted with the session key via its own vendor-specific DHCP reply. -On the server side, the WDS server role has an optional plugin component, like a PXE provider, which is what handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions, which would require that the IP address provided by the client in the Network Unlock request belong to a permitted subnet in order to release the network key to the client. In instances where the Network Unlock provider is unavailable, BitLocker fails over to the next available protector to unlock the drive. In a typical configuration, this means the standard TPM+PIN unlock screen is presented to unlock the drive. +On the server side, the WDS server role has an optional plug-in component, like a PXE (preboot execution environment) provider. The plug-in component handles the incoming Network Unlock requests. The provider can also be configured with subnet restrictions. These restrictions require the IP address that's provided by the client in the Network Unlock request to belong to a permitted subnet in order to release the network key to the client. If the Network Unlock provider is unavailable, then BitLocker fails over to the next available protector to unlock the drive. So in a typical configuration, the standard TPM+PIN unlock screen is presented to unlock the drive. -The server side configuration to enable Network Unlock also requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate, and for the public key certificate to be distributed to the clients. This certificate must be managed and deployed through the Group Policy editor directly on a domain controller with at least a Domain Functional Level of Windows Server 2012. This certificate is the public key that encrypts the intermediate network key (which is one of the two secrets required to unlock the drive; the other secret is stored in the TPM). +The server-side configuration to enable Network Unlock requires provisioning a 2048-bit RSA public/private key pair in the form of an X.509 certificate. The configuration also requires the public key certificate to be distributed to the clients. -![bitlocker network unlock sequence](images/bitlockernetworkunlocksequence.png) +Manage and deploy this certificate through the Group Policy editor directly on a domain controller that has a domain functional level of at least Windows Server 2012. This certificate is the public key that encrypts the intermediate network key. The intermediate network key is one of the two secrets that are required to unlock the drive; the other secret is stored in the TPM. -**Phases in the Network Unlock process** +![Diagram showing the BitLocker network unlock sequence.](images/bitlockernetworkunlocksequence.png) -1. The Windows boot manager detects that a Network Unlock protector exists in the BitLocker configuration. -2. The client computer uses its DHCP driver in the UEFI to obtain a valid IPv4 IP address. +The Network Unlock process follows these phases: + +1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration. +2. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address. 3. The client computer broadcasts a vendor-specific DHCP request that contains: - 1. A Network Key (a 256-bit intermediate key) encrypted using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server. - 2. An AES-256 session key for the reply. + - A network key (a 256-bit intermediate key) that's encrypted by the 2048-bit RSA public key of the Network Unlock certificate from the WDS server. + - An AES-256 session key for the reply. 4. The Network Unlock provider on the WDS server recognizes the vendor-specific request. -5. The provider decrypts it with the WDS server’s BitLocker Network Unlock certificate RSA private key. -6. The WDS provider then returns the network key encrypted with the session key using its own vendor-specific DHCP reply to the client computer. This forms an intermediate key. -7. The returned intermediate key is then combined with another local 256-bit intermediate key that can only be decrypted by the TPM. +5. The provider decrypts the request by using the WDS server's BitLocker Network Unlock certificate RSA private key. +6. The WDS provider returns the network key encrypted with the session key by using its own vendor-specific DHCP reply to the client computer. This key is an intermediate key. +7. The returned intermediate key is combined with another local 256-bit intermediate key. This key can be decrypted only by the TPM. 8. This combined key is used to create an AES-256 key that unlocks the volume. 9. Windows continues the boot sequence. ## Configure Network Unlock -The following steps allow an administrator to configure Network Unlock in a domain where the Domain Functional Level is at least Windows Server 2012. +The following steps allow an administrator to configure Network Unlock in a domain where the functional level is at least Windows Server 2012. -### Install the WDS Server role +### Install the WDS server role -The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. +The BitLocker Network Unlock feature installs the WDS role if it's not already installed. If you want to install it separately before you install BitLocker Network Unlock, use Server Manager or Windows PowerShell. To install the role in Server Manager, select the **Windows Deployment Services** role. -To install the role using Windows PowerShell, use the following command: +To install the role by using Windows PowerShell, use the following command: ```powershell Install-WindowsFeature WDS-Deployment ``` -You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Domain Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard. +Configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Domain Services) and the client computer. Use the WDS management tool, `wdsmgmt.msc`. This tool starts the Windows Deployment Services Configuration Wizard. -### Confirm the WDS Service is running +### Confirm the WDS service is running -To confirm the WDS service is running, use the Services Management Console or Windows PowerShell. To confirm the service is running in Services Management Console, open the console using **services.msc** and check the status of the Windows Deployment Services service. +To confirm the WDS service is running, use the Services Management console or Windows PowerShell. To confirm the service is running in the Services Management console, open the console by using `services.msc`. Then check the status of the WDS service. -To confirm the service is running using Windows PowerShell, use the following command: +To confirm the service is running by using Windows PowerShell, use the following command: ```powershell Get-Service WDSServer ``` -### Install the Network Unlock feature +### Install the Network Unlock feature -To install the Network Unlock feature, use Server Manager or Windows PowerShell. To install the feature using Server Manager, select the **BitLocker Network Unlock** feature in the Server Manager console. +To install the Network Unlock feature, use Server Manager or Windows PowerShell. To install the feature in the Server Manager console, select **BitLocker Network Unlock**. -To install the feature using Windows PowerShell, use the following command: +To install the feature by using Windows PowerShell, use the following command: ```powershell Install-WindowsFeature BitLocker-NetworkUnlock ``` -### Create the certificate template for Network Unlock +### Create the certificate template for Network Unlock -A properly configured Active Directory Services Certification Authority can use this certificate template to create and issue Network Unlock certificates. +A properly configured Active Directory Services Certification Authority can use the certificate template to create and issue Network Unlock certificates. To create a certificate template: -1. Open the Certificates Template snap-in (certtmpl.msc). -2. Locate the User template. Right-click the template name and select **Duplicate Template**. -3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to Windows Server 2012 and Windows 8 respectively. Ensure the **Show resulting changes** dialog box is selected. -4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the checkbox for the **Publish certificate in Active Directory** option. -5. Select the **Request Handling** tab. Select **Encryption** from the **Purpose** drop down menu. Ensure the **Allow private key to be exported** option is selected. -6. Select the **Cryptography** tab. Set the **Minimum key size** to 2048. (Any Microsoft cryptographic provider that supports RSA can be used for this template, but for simplicity and forward compatibility we recommend using the **Microsoft Software Key Storage Provider**.) -7. Select the **Requests must use one of the following providers** option and clear all options except for the cryptography provider you selected, such as the **Microsoft Software Key Storage Provider**. -8. Select the **Subject Name** tab. Select **Supply in the request**. Select **OK** if the certificate templates pop-up dialog appears. -9. Select the **Issuance Requirements** tab. Select both **CA certificate manager approval** and **Valid existing certificate** options. -10. Select the **Extensions** tab. Select **Application Policies** and choose **Edit…**. -11. In the **Edit Application Policies Extension** options dialog box, select **Client Authentication**, **Encrypting File System**, **and Secure Email** and choose **Remove**. -12. On the **Edit Application Policies Extension** dialog box, select **Add**. -13. On the **Add Application Policy** dialog box, select **New**. In the **New Application Policy** dialog box enter the following information in the space provided and then click **OK** to create the BitLocker Network Unlock application policy: +1. Open the certificate template snap-in (`certtmpl.msc`). +2. Locate the user template. Right-click the template name, and then select **Duplicate Template**. +3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to **Windows Server 2012** and **Windows 8**, respectively. Ensure **Show resulting changes** is selected. +4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the check box for **Publish certificate in Active Directory**. +5. Select the **Request Handling** tab. In the **Purpose** drop-down menu, select **Encryption**. Ensure the **Allow private key to be exported** option is selected. +6. Select the **Cryptography** tab. Set the **Minimum key size** to **2048**. (For this template, you can use any Microsoft cryptographic provider that supports RSA. But for simplicity and forward compatibility, we recommend using **Microsoft Software Key Storage Provider**.) +7. Select **Requests must use one of the following providers**. Then clear all options except for your selected cryptography provider, such as the **Microsoft Software Key Storage Provider**. +8. Select the **Subject Name** tab. Select **Supply in the request**. If the certificate templates dialog box appears, select **OK**. +9. Select the **Issuance Requirements** tab. Then select both **CA certificate manager approval** and **Valid existing certificate**. +10. Select the **Extensions** tab. Then select **Application Policies** > **Edit**. +11. In the **Edit Application Policies Extension** dialog box, select **Client Authentication**, **Encrypting File System**, and **Secure Email**. Then choose **Remove**. +12. In the **Edit Application Policies Extension** dialog box, select **Add**. +13. In the **Add Application Policy** dialog box, select **New**. In the **New Application Policy** dialog box, enter the following information in the space provided, and then select **OK** to create the BitLocker Network Unlock application policy. - - **Name:** **BitLocker Network Unlock** - - **Object Identifier:** **1.3.6.1.4.1.311.67.1.1** + - **Name**: **BitLocker Network Unlock** + - **Object Identifier**: **1.3.6.1.4.1.311.67.1.1** -14. Select the newly created **BitLocker Network Unlock** application policy and select **OK**. -15. With the **Extensions** tab still open, select the **Edit Key Usage Extension** dialog, select the **Allow key exchange only with key encryption (key encipherment)** option. Select the **Make this extension critical** option. +14. Select the newly created **BitLocker Network Unlock** application policy, and then select **OK**. +15. With the **Extensions** tab still open, select **Edit Key Usage Extension**, and then select **Allow key exchange only with key encryption (key encipherment)**. Then select **Make this extension critical**. 16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission. 17. Select **OK** to complete configuration of the template. -To add the Network Unlock template to the Certification Authority, open the Certification Authority snap-in (certsrv.msc). Right-click the **Certificate Templates** item and choose **New, Certificate Template to issue**. Select the previously created BitLocker Network Unlock certificate. +To add the Network Unlock template to the certificate authority, open the certificate authority snap-in (`certsrv.msc`). Right-click **Certificate Templates**, and then choose **New, Certificate Template to issue**. Select the previously created BitLocker Network Unlock certificate. -After adding the Network Unlock template to the Certification Authority, this certificate can be used to configure BitLocker Network Unlock. +After you add the Network Unlock template to the certificate authority, you can use this certificate to configure BitLocker Network Unlock. -### Create the Network Unlock certificate +### Create the Network Unlock certificate -Network Unlock can use imported certificates from an existing PKI infrastructure, or you can use a self-signed certificate. +Network Unlock can use imported certificates from an existing public key infrastructure (PKI). Or it can use a self-signed certificate. -To enroll a certificate from an existing certification authority (CA), do the following: +To enroll a certificate from an existing certificate authority: -1. Open Certificate Manager on the WDS server using **certmgr.msc** -2. Under the Certificates - Current User item, right-click Personal -3. Select All Tasks, then **Request New Certificate** -4. Select **Next** when the Certificate Enrollment wizard opens -5. Select Active Directory Enrollment Policy -6. Choose the certificate template created for Network Unlock on the Domain controller and select **Enroll**. When prompted for more information, add the following attribute to the certificate: +1. On the WDS server, open Certificate Manager by using `certmgr.msc`. +2. Under **Certificates - Current User**, right-click **Personal**. +3. Select **All Tasks** > **Request New Certificate**. +4. When the Certificate Enrollment wizard opens, select **Next**. +5. Select **Active Directory Enrollment Policy**. +6. Choose the certificate template that was created for Network Unlock on the domain controller. Then select **Enroll**. +1. When you're prompted for more information, select **Subject Name** and provide a friendly name value. Your friendly name should include information for the domain or organizational unit for the certificate. Here's an example: *BitLocker Network Unlock Certificate for Contoso domain*. +7. Create the certificate. Ensure the certificate appears in the **Personal** folder. +8. Export the public key certificate for Network Unlock: - - Select the **Subject Name** pane and provide a friendly name value. It is suggested that this friendly name include information for the domain or organizational unit for the certificate. For example "BitLocker Network Unlock Certificate for Contoso domain" - -7. Create the certificate. Ensure the certificate appears in the Personal folder. -8. Export the public key certificate for Network Unlock - - 1. Create a .cer file by right-clicking the previously created certificate, choosing **All Tasks**, then **Export**. + 1. Create a *.cer* file by right-clicking the previously created certificate and choosing **All Tasks** > **Export**. 2. Select **No, do not export the private key**. - 3. Select **DER encoded binary X.509** and complete exporting the certificate to a file. - 4. Give the file a name such as BitLocker-NetworkUnlock.cer. - -9. Export the public key with a private key for Network Unlock - - 1. Create a .pfx file by right-clicking the previously created certificate, choosing **All Tasks**, then **Export**. + 3. Select **DER encoded binary X.509**, and then finish exporting the certificate to a file. + 4. Give the file a name, such as *BitLocker-NetworkUnlock.cer*. +9. Export the public key with a private key for Network Unlock: + 1. Create a *.pfx* file by right-clicking the previously created certificate. Then choose **All Tasks** > **Export**. 2. Select **Yes, export the private key**. - 3. Complete the wizard to create the .pfx file. + 3. Complete the steps to create the *.pfx* file. -To create a self-signed certificate, you can either use the New-SelfSignedCertificate cmdlet in Windows PowerShell or use Certreq. +To create a self-signed certificate, either use the `New-SelfSignedCertificate` cmdlet in Windows PowerShell or use `certreq`. -Windows PowerShell example: +Here's a Windows PowerShell example: ```powershell New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt,Sign -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") ``` -Certreq example: +Here's a `certreq` example: -1. Create a text file with an .inf extension. For example, notepad.exe BitLocker-NetworkUnlock.inf. +1. Create a text file that has an *.inf* extension. For example, *notepad.exe* *BitLocker-NetworkUnlock.inf*. 2. Add the following contents to the previously created file: ```ini @@ -216,176 +206,183 @@ Certreq example: _continue_ = "1.3.6.1.4.1.311.67.1.1" ``` -3. Open an elevated command prompt and use the certreq tool to create a new certificate using the following command, specifying the full path to the file created previously, along with the file name: +3. Open an elevated command prompt and use the `certreq` tool to create a new certificate. Use the following command, specifying the full path to the file that you created previously. Also specify the file name. ```cmd certreq -new BitLocker-NetworkUnlock.inf BitLocker-NetworkUnlock.cer ``` -4. Verify the previous command properly created the certificate by confirming the .cer file exists. -5. Launch Certificates - Local Machine by running **certlm.msc**. -6. Create a .pfx file by opening the **Certificates – Local Computer\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, then **Export**. Follow through the wizard to create the .pfx file. +4. Verify the previous command properly created the certificate by confirming the *.cer* file exists. +5. Launch **Certificates - Local Machine** by running `certlm.msc`. +6. Create a *.pfx* file by opening the *Certificates – Local Computer\\Personal\\Certificates* path in the navigation pane. Right-click the previously imported certificate, and then select **All Tasks** > **Export**. Follow through the steps to create the *.pfx* file. -### Deploy the private key and certificate to the WDS server +### Deploy the private key and certificate to the WDS server -With the certificate and key created, deploy them to the infrastructure to properly unlock systems. To deploy the certificates, do the following: +Now that you've created the certificate and key, deploy them to the infrastructure to properly unlock systems. To deploy the certificates: -1. On the WDS server, open a new MMC and add the certificates snap-in. Select the computer account and local computer when given the options. -2. Right-click the Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock item, choose All Tasks, then **Import**. -3. In the **File to Import** dialog, choose the .pfx file created previously. -4. Enter the password used to create the .pfx and complete the wizard. +1. On the WDS server, open a new Microsoft Management Console (MMC), and then add the certificates snap-in. When you're prompted, select the computer account and local computer. +2. Right-click **Certificates (Local Computer) - BitLocker Drive Encryption Network Unlock**, and then choose **All Tasks** > **Import**. +3. In the **File to Import** dialog box, choose the *.pfx* file that you created previously. +4. Enter the password that you used to create the *.pfx* file, and finish the steps. ### Configure Group Policy settings for Network Unlock -With certificate and key deployed to the WDS server for Network Unlock, the final step is to use Group Policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group Policy settings for BitLocker can be found under **\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** using the Local Group Policy Editor or the Microsoft Management Console. +You've now deployed the certificate and key to the WDS server for Network Unlock. In the final step, you'll use Group Policy settings to deploy the public key certificate to computers that you want to be able to unlock by using the Network Unlock key. Find Group Policy settings for BitLocker in *\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption* by using the Local Group Policy Editor or the MMC. -The following steps describe how to enable the Group Policy setting that is a requirement for configuring Network Unlock. +To enable the Group Policy setting that's required to configure Network Unlock: -1. Open Group Policy Management Console (gpmc.msc). -2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** or **Allow startup PIN with TPM** option. +1. Open Group Policy Management Console (`gpmc.msc`). +2. Enable the policy **Require additional authentication at startup**, and then select **Require startup PIN with TPM** or **Allow startup PIN with TPM**. 3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. -The following steps describe how to deploy the required Group Policy setting: +To deploy the required Group Policy setting: > [!NOTE] > The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. -1. Copy the .cer file created for Network Unlock to the domain controller. -2. On the domain controller, launch Group Policy Management Console (gpmc.msc). +1. Copy the *.cer* file that you created for Network Unlock to the domain controller. +2. On the domain controller, open Group Policy Management Console (`gpmc.msc`). 3. Create a new Group Policy Object or modify an existing object to enable the **Allow network unlock at startup** setting. 4. Deploy the public certificate to clients: - 1. Within Group Policy Management Console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate**. - 2. Right-click the folder and choose **Add Network Unlock Certificate**. - 3. Follow the wizard steps and import the .cer file that was copied earlier. + 1. In Group Policy Management Console, go to *Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate*. + 2. Right-click the folder, and then choose **Add Network Unlock Certificate**. + 3. Follow the steps and import the *.cer* file that you copied earlier. -> [!NOTE] -> Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. + > [!NOTE] + > Only one network unlock certificate can be available at a time. If you need a new certificate, delete the current certificate before you deploy a new one. The Network Unlock certificate is located in the *HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP* key on the client computer. -5. Reboot the clients after deploying the group policy. +5. Reboot the clients after you deploy the Group Policy. > [!NOTE] - > The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. + > The **Network (Certificate Based)** protector is added only after a reboot where the policy is enabled and a valid certificate is present in the FVE_NKP store. -### Subnet policy configuration files on WDS Server (Optional) +### Subnet policy configuration files on the WDS server (optional) -By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which subnet(s) Network Unlock clients can use to unlock. +By default, the server unlocks clients that have the correct Network Unlock certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP. You can create a subnet policy configuration file on the WDS server to limit the subnets that Network Unlock clients can use for unlocking. -The configuration file, called bde-network-unlock.ini, must be located in the same directory as the Network Unlock provider DLL (%windir%\System32\Nkpprov.dll) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider will fail and stop responding to requests. +The configuration file, called *bde-network-unlock.ini*, must be located in the same directory as the Network Unlock provider dynamic-link library (*%windir%\System32\Nkpprov.dll*). The configuration file applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, then the provider fails and stops responding to requests. -The subnet policy configuration file must use a “\[SUBNETS\]” section to identify the specific subnets. The named subnets may then be used to specify restrictions in certificate subsections. Subnets are defined as simple name-value pairs, in the common INI format, where each subnet has its own line, with the name on the left of the equals sign, and the subnet identified on the right of the equal sign as a Classless Inter-Domain Routing (CIDR) address or range. The key word “ENABLED” is disallowed for subnet names. +The subnet policy configuration file must use a `[SUBNETS]` section to identify the specific subnets. You can then use the named subnets to specify restrictions in certificate subsections. + +Subnets are defined as simple name-value pairs, in the common INI format. In this format, each subnet has its own line. The name is on the left of the equals sign. The subnet on the right of the equals sign is a Classless Interdomain Routing (CIDR) address or range. The keyword `ENABLED` is disallowed for subnet names. ```ini [SUBNETS] -SUBNET1=10.185.250.0/24 ; comment about this subrange could be here, after the semi-colon +SUBNET1=10.185.250.0/24 ; a comment about this subrange could be here, after the semicolon SUBNET2=10.185.252.200/28 SUBNET3= 2001:4898:a:2::/64 ; an IPv6 subnet SUBNET4=2001:4898:a:3::/64; in production, the admin would likely give more useful names, like BUILDING9-EXCEPT-RECEP. ``` -Following the \[SUBNETS\] section, there can be sections for each Network Unlock certificate, identified by the certificate thumbprint formatted without any spaces, which define subnets clients can be unlocked from with that certificate. +Following the `[SUBNETS]` section are sections for each Network Unlock certificate. A certificate is identified by the certificate thumbprint, which is formatted without any spaces. These sections define subnet clients that you can unlock by using that certificate. > [!NOTE] -> When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint the subnet configuration will fail because the thumbprint will not be recognized as valid. +> When you specify the certificate thumbprint, don't include spaces. Thumbprints that include spaces aren't recognized as valid. The spaces will cause the subnet configuration to fail. -Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnet is listed in a certificate section, then only those subnets listed are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. -Subnet lists are created by putting the name of a subnet from the \[SUBNETS\] section on its own line below the certificate section header. Then, the server will only unlock clients with this certificate on the subnet(s) specified as in the list. For troubleshooting, a subnet can be quickly excluded without deleting it from the section by simply commenting it out with a prepended semi-colon. +Each certificate section defines subnet restrictions by denoting the allowed list of permitted subnets. If any subnets are listed in a certificate section, then only those subnets are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate has no section in the subnet policy configuration file, then no subnet unlocking restrictions are applied for that certificate. + +So to apply restrictions to every certificate, you must add a certificate section for every Network Unlock certificate on the server. And you must add an explicit allow list set for each certificate section. + +Create subnet lists by putting the name of a subnet from the `[SUBNETS]` section on its own line below the certificate section header. Then, the server will unlock clients that have this certificate only on the subnets that the list specifies. + +To troubleshoot, you can quickly exclude a subnet without deleting it from the section. Just comment it out by using a prepended semicolon. ```ini [2158a767e1c14e88e27a4c0aee111d2de2eafe60] ;Comments could be added here to indicate when the cert was issued, which Group Policy should get it, and so on. -;This list shows this cert is only allowed to unlock clients on SUBNET1 and SUBNET3 subnets. In this example, SUBNET2 is commented out. +;This list shows this cert is allowed to unlock clients only on the SUBNET1 and SUBNET3 subnets. In this example, SUBNET2 is commented out. SUBNET1 ;SUBNET2 SUBNET3 ``` -To disallow the use of a certificate altogether, its subnet list may contain the line “DISABLED". +To disallow the use of a certificate altogether, add a `DISABLED` line to its subnet list. -## Turning off Network Unlock +## Turn off Network Unlock -To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors the **Allow Network Unlock at startup** Group Policy setting should be disabled. When this policy setting is updated to disabled on client computers any Network Unlock key protectors on the computer will be deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. +To turn off the unlock server, you can unregister the PXE provider from the WDS server or uninstall it altogether. However, to stop clients from creating Network Unlock protectors, you should disable the **Allow Network Unlock at startup** Group Policy setting. When you disable this policy setting on client computers, any Network Unlock key protectors on the computer are deleted. Alternatively, you can delete the BitLocker Network Unlock certificate policy on the domain controller to accomplish the same task for an entire domain. > [!NOTE] -> Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. +> Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server's ability to respond to unlock requests for that certificate. However, this condition is seen as an error. It's not a supported or recommended method for turning off the Network Unlock server. -## Update Network Unlock certificates +## Update Network Unlock certificates -To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. +To update the certificates that Network Unlock uses, administrators need to import or generate the new certificate for the server. Then they must update the Network Unlock certificate Group Policy setting on the domain controller. > [!NOTE] -> Servers that do not receive the Group Policy Object (GPO) will require a PIN when booting. In such cases, the reason why the server did not receive the GPO to update the certificate needs to be investigated. +> Servers that don't receive the Group Policy Object (GPO) will require a PIN when they boot. In such cases, find out why the server didn't receive the GPO to update the certificate. ## Troubleshoot Network Unlock -Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue will be the root cause of the failure. Items to verify include: +To troubleshoot Network Unlock problems, begin by verifying the environment. Often, a small configuration issue is the root cause of the failure. Verify these items: -- Verify client hardware is UEFI-based and is on firmware version is 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. -- All required roles and services are installed and started -- Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. -- Group policy for Network Unlock is enabled and linked to the appropriate domains. -- Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. -- Verify the clients were rebooted after applying the policy. -- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the local computer: +- Client hardware is based on UEFI and uses firmware version 2.3.1, and the UEFI firmware is in native mode and has no compatibility support module (CSM) for BIOS mode enabled. Verify this configuration by ensuring that the firmware has no enabled option such as **Legacy mode** or **Compatibility mode** and that the firmware doesn't appear to be in a BIOS-like mode. +- All required roles and services are installed and started. +- Public and private certificates have been published and are in the proper certificate containers. Verify the presence of the Network Unlock certificate by using Microsoft Management Console (*MMC.exe*) on the WDS server. The certificate snap-ins for the local computer should be enabled. Verify the client certificate by checking the registry key *HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP* on the client computer. +- Group Policy for Network Unlock is enabled and linked to the appropriate domains. +- Group Policy is reaching the clients properly. Verify this functionality by using the *GPRESULT.exe* utility or the *RSOP.msc* utility. +- The clients were rebooted after the policy was applied. +- The **Network (Certificate Based)** protector is listed on the client. Check for this protector by using either `manage-bde` or Windows PowerShell cmdlets. For example, the following command lists the key protectors that are currently configured on drive C on the local computer. ```powershell manage-bde -protectors -get C: ``` > [!NOTE] - > Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock + > Use the output of `manage-bde` along with the WDS debug log to determine whether the proper certificate thumbprint is being used for Network Unlock. -Files to gather when troubleshooting BitLocker Network Unlock include: +Gather the following files to troubleshoot BitLocker Network Unlock. -1. The Windows event logs. Specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log +- The Windows event logs. Specifically, get the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log. - Debug logging is turned off by default for the WDS server role, so you will need to enable it first. You can use either of the following two methods to turn on WDS debug logging. + Debug logging is turned off by default for the WDS server role, so you need to enable it before you can retrieve it. Use either of the following two methods to turn on WDS debug logging. - 1. Start an elevated command prompt and run the following command: + - Start an elevated command prompt, and then run the following command: ```cmd wevtutil sl Microsoft-Windows-Deployment-Services-Diagnostics/Debug /e:true ``` - 2. Open Event Viewer on the WDS server. + - Open Event Viewer on the WDS server: - In the left pane, click **Applications and Services Logs**, click **Microsoft**, click **Windows**, click **Deployment-Services-Diagnostics**, and then click **Debug**. + 1. In the left pane, select **Applications and Services Logs** > **Microsoft** > **Windows** > **Deployment-Services-Diagnostics** > **Debug**. + 1. In the right pane, select **Enable Log**. - In the right pane, click **Enable Log**. - -2. The DHCP subnet configuration file (if one exists). -3. The output of the BitLocker status on the volume, this can be gathered into a text file using **manage-bde -status** or **Get-BitLockerVolume** in Windows PowerShell. -4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address. +- The DHCP subnet configuration file (if one exists). +- The output of the BitLocker status on the volume. Gather this output into a text file by using `manage-bde -status`. Or in Windows PowerShell, use `Get-BitLockerVolume`. +- The Network Monitor capture on the server that hosts the WDS role, filtered by client IP address. ## Configure Network Unlock Group Policy settings on earlier versions -Network Unlock and the accompanying Group Policy settings were introduced in Windows Server 2012 but can be deployed using operating systems running Windows Server 2008 R2 and Windows Server 2008. +Network Unlock and the accompanying Group Policy settings were introduced in Windows Server 2012. But you can deploy them by using operating systems that run Windows Server 2008 R2 and Windows Server 2008. -**Requirements** +Your system must meet these requirements: -- The server hosting WDS must be running any of the server operating systems designated in the **Applies To** list at the beginning of this topic. -- Client computers must be running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. +- The server that hosts WDS must be running a server operating system that's designated in the "Applies to" list at the beginning of this article. +- Client computers must be running a client operating system that's designated in the "Applies to" list at the beginning of this article. -The following steps can be used to configure Network Unlock on these older systems. +Follow these steps to configure Network Unlock on these older systems. -1. [Install the WDS Server role](#bkmk-installwdsrole) -2. [Confirm the WDS Service is running](#bkmk-confirmwdsrunning) -3. [Install the Network Unlock feature](#bkmk-installnufeature) -4. [Create the Network Unlock certificate](#bkmk-createcert) -5. [Deploy the private key and certificate to the WDS server](#bkmk-deploycert) +1. [Install the WDS server role.](#bkmk-installwdsrole) +2. [Confirm the WDS service is running.](#bkmk-confirmwdsrunning) +3. [Install the Network Unlock feature.](#bkmk-installnufeature) +4. [Create the Network Unlock certificate.](#bkmk-createcert) +5. [Deploy the private key and certificate to the WDS server.](#bkmk-deploycert) 6. Configure registry settings for Network Unlock: - Apply the registry settings by running the following certutil script (assuming your network unlock certificate file is called **BitLocker-NetworkUnlock.cer**) on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. -```console - certutil -f -grouppolicy -addstore FVE_NKP BitLocker-NetworkUnlock.cer - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v OSManageNKP /t REG_DWORD /d 1 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseAdvancedStartup /t REG_DWORD /d 1 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UsePIN /t REG_DWORD /d 2 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMPIN /t REG_DWORD /d 2 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPM /t REG_DWORD /d 2 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKey /t REG_DWORD /d 2 /f - reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 2 /f -``` + Apply the registry settings by running the following `certutil` script (assuming your Network Unlock certificate file is called *BitLocker-NetworkUnlock.cer*) on each computer that runs a client operating system that's designated in the "Applies to" list at the beginning of this article. -7. Set up a TPM protector on the clients -8. Reboot the clients to add the Network (Certificate Based) protector + ```console + certutil -f -grouppolicy -addstore FVE_NKP BitLocker-NetworkUnlock.cer + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v OSManageNKP /t REG_DWORD /d 1 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseAdvancedStartup /t REG_DWORD /d 1 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UsePIN /t REG_DWORD /d 2 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMPIN /t REG_DWORD /d 2 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPM /t REG_DWORD /d 2 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKey /t REG_DWORD /d 2 /f + reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 2 /f + ``` + +7. Set up a TPM protector on the clients. +8. Reboot the clients to add the **Network (Certificate Based)** protector. ## See also diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index f37748f9d5..8913e9025c 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -266,29 +266,17 @@ Affected file types include executable files (such as .exe, .dll, or .scr) and s These settings require [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus). -1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). -2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. - - ![Create device configuration profile](images/create-device-configuration-profile.png) - +1. Sign in to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). +2. Click **Devices** > **Windows** > **Configuration Policies** > **Create profile**. +![Create device configuration profile](images/create-device-configuration-profile.png) 3. Use the following settings: - - - Name: Type a name for the profile - - Description: Type a description - - Platform: Windows 10 or later - - Profile type: Endpoint protection - - ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) - -4. Click **Configure** > **Windows Defender Exploit Guard** > **Attack Surface Reduction**. - + - Platform: Windows 10 and later + - Profile type: Device restrictions + ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) +4. Click **Create**. 5. For **Unsigned and untrusted processes that run from USB**, choose **Block**. - ![Block untrusted processes](images/block-untrusted-processes.png) - -6. Click **OK** to close **Attack Surface Reduction**, **Windows Defender Exploit Guard**, and **Endpoint protection**. - -7. Click **Create** to save the profile. +6. Click **OK** to close settings and **Device restrictions**. ### Protect against Direct Memory Access (DMA) attacks diff --git a/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png b/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png index 1b6d4aa708..4b8c80fdd7 100644 Binary files a/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png and b/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png differ diff --git a/windows/security/threat-protection/device-control/images/create-profile.png b/windows/security/threat-protection/device-control/images/create-profile.png index ada168228e..b0b7eb7237 100644 Binary files a/windows/security/threat-protection/device-control/images/create-profile.png and b/windows/security/threat-protection/device-control/images/create-profile.png differ diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 8dc3221ed3..fdec65680d 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -196,7 +196,7 @@ Value | Description **5.** | If present, NX protections are available. **6.** | If present, SMM mitigations are available. **7.** | If present, Mode Based Execution Control is available. - +**8.** | If present, APIC virtualization is available. #### InstanceIdentifier @@ -227,6 +227,7 @@ Value | Description **1.** | If present, Windows Defender Credential Guard is configured. **2.** | If present, HVCI is configured. **3.** | If present, System Guard Secure Launch is configured. +**4.** | If present, SMM Firmware Measurement is configured. #### SecurityServicesRunning @@ -238,6 +239,7 @@ Value | Description **1.** | If present, Windows Defender Credential Guard is running. **2.** | If present, HVCI is running. **3.** | If present, System Guard Secure Launch is running. +**4.** | If present, SMM Firmware Measurement is running. #### Version diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md index 1be93dc8a6..1485e83d0a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 11/18/2020 +ms.date: 12/28/2020 ms.reviewer: manager: dansimp --- @@ -113,7 +113,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor > [!NOTE] > Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md). - The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md). + The Windows event log will also show [Windows Defender client event ID 1116](troubleshoot-microsoft-defender-antivirus.md). ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md index a7990f4bca..172fb7952f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md @@ -10,7 +10,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 11/18/2020 +ms.date: 12/28/2020 ms.reviewer: jesquive manager: dansimp --- @@ -84,11 +84,10 @@ See the [Download and unpackage](#download-and-unpackage-the-latest-updates) sec Now you can get started on downloading and installing new updates. We’ve created a sample PowerShell script for you below. This script is the easiest way to download new updates and get them ready for your VMs. You should then set the script to run at a certain time on the management machine by using a scheduled task (or, if you’re familiar with using PowerShell scripts in Azure, Intune, or SCCM, you could also use those scripts). ```PowerShell -$vdmpathbase = 'c:\wdav-update\{00000000-0000-0000-0000-' +$vdmpathbase = "$env:systemdrive\wdav-update\{00000000-0000-0000-0000-" $vdmpathtime = Get-Date -format "yMMddHHmmss" $vdmpath = $vdmpathbase + $vdmpathtime + '}' $vdmpackage = $vdmpath + '\mpam-fe.exe' -$args = @("/x") New-Item -ItemType Directory -Force -Path $vdmpath | Out-Null diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md index 23c85194d0..fb9db59528 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium +ms.localizationpriority: high author: denisebmsft ms.author: deniseb ms.date: 12/16/2020 diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index d01a2ef115..a84686a871 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -48,7 +48,7 @@ Enterprise administrators running Application Guard under managed mode should fi From there, the steps for installing the extension are similar whether Application Guard is running in managed or standalone mode. 1. On the local device, download and install the Application Guard extension for Google [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and/or Mozilla [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). -1. Install the [Windows Defender Application Guard companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8#activetab=pivot:overviewtab) from the Microsoft Store. This companion app enables Application Guard to work with web browsers other than Microsoft Edge or Internet Explorer. +1. Install the [Microsoft Defender Application Guard companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8#activetab=pivot:overviewtab) from the Microsoft Store. This companion app enables Application Guard to work with web browsers other than Microsoft Edge or Internet Explorer. 1. Restart the device. ### Recommended browser group policies diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index 94849b6b18..2cb1370de1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description @@ -54,7 +59,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ```http -POST https://api.securitycenter.windows.com/api/machines/{id}/tags +POST https://api.securitycenter.microsoft.com/api/machines/{id}/tags ``` ## Request headers @@ -84,10 +89,8 @@ If successful, this method returns 200 - Ok response code and the updated Machin Here is an example of a request that adds machine tag. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags Content-type: application/json { "Value" : "test Tag 2", diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index eaa7c56c2f..0668c313a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Methods @@ -71,7 +76,7 @@ comments | List of Alert comments | Alert Comment is an object that contains: co ### Response example for getting single alert: ``` -GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-292920499 +GET https://api.securitycenter.microsoft.com/api/alerts/da637084217856368682_-292920499 ``` ```json diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 0dfd7bfce2..81f125ba22 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## Get Alerts using a simple PowerShell script @@ -103,8 +107,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application secret here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -142,7 +146,7 @@ $dateTime = (Get-Date).ToUniversalTime().AddHours(-48).ToString("o") # The URL contains the type of query and the time filter we create above # Read more about other query options and filters at Https://TBD- add the documentation link -$url = "https://api.securitycenter.windows.com/api/alerts?`$filter=alertCreationTime ge $dateTime" +$url = "https://api.securitycenter.microsoft.com/api/alerts?`$filter=alertCreationTime ge $dateTime" # Set the WebRequest headers $headers = @{ diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 95525bbf97..44003ec0b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -24,7 +24,7 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 86bfb94779..9bb4eb7102 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -24,7 +24,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] In this section you will learn create a Power BI report on top of Defender for Endpoint APIs. @@ -48,7 +52,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a let AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20", - HuntingUrl = "https://api.securitycenter.windows.com/api/advancedqueries", + HuntingUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries", Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])), @@ -114,7 +118,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a Query = "MachineActions", - Source = OData.Feed("https://api.securitycenter.windows.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) + Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true]) in Source diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index c105db89bb..ba3e749a61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -22,10 +22,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 0d6949ea0b..b3cb7a04fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -24,7 +24,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Collect investigation package from a device. @@ -49,7 +54,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/collectInvestigationPackage +POST https://api.securitycenter.microsoft.com/api/machines/{id}/collectInvestigationPackage ``` ## Request headers @@ -76,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage +POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage Content-type: application/json { "Comment": "Collect forensics due to alert 1234" diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index a5c286ef37..eefccc5624 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -56,7 +60,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference +POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference ``` ## Request headers @@ -91,10 +95,8 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference +POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference ``` ```json { diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index 123ce4959e..dfde8bf37e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -45,12 +49,9 @@ Application | Ti.ReadWrite.All | 'Read and write Indicators' ## HTTP request ``` -Delete https://api.securitycenter.windows.com/api/indicators/{id} +Delete https://api.securitycenter.microsoft.com/api/indicators/{id} ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Request headers Name | Type | Description @@ -72,5 +73,5 @@ If Indicator with the specified id was not found - 404 Not Found. Here is an example of the request. ``` -DELETE https://api.securitycenter.windows.com/api/indicators/995 +DELETE https://api.securitycenter.microsoft.com/api/indicators/995 ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index fb00021426..9f93b7365e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user. If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md). @@ -127,9 +131,9 @@ For more information on AAD tokens, see [Azure AD tutorial](https://docs.microso public static class WindowsDefenderATPUtils { - private const string Authority = "https://login.windows.net"; + private const string Authority = "https://login.microsoftonline.com"; - private const string WdatpResourceId = "https://api.securitycenter.windows.com"; + private const string WdatpResourceId = "https://api.securitycenter.microsoft.com"; public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId) { @@ -175,7 +179,7 @@ Verify to make sure you got a correct token: ```csharp var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md index e2de608fbd..cfb61033a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md @@ -25,6 +25,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers. @@ -139,8 +144,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application key here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -172,8 +177,8 @@ return $token string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! - const string authority = "https://login.windows.net"; - const string wdatpResourceId = "https://api.securitycenter.windows.com"; + const string authority = "https://login.microsoftonline.com"; + const string wdatpResourceId = "https://api.securitycenter.microsoft.com"; AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); ClientCredential clientCredential = new ClientCredential(appId, appSecret); @@ -227,7 +232,7 @@ Sanity check to make sure you got a correct token: ``` var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index a7584847f9..f4dc27179e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md). Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). @@ -117,8 +121,8 @@ $tenantId = '' ### Paste your tenant ID here $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application key here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -150,8 +154,8 @@ The following code was tested with NuGet Microsoft.IdentityModel.Clients.ActiveD string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! - const string authority = "https://login.windows.net"; - const string wdatpResourceId = "https://api.securitycenter.windows.com"; + const string authority = "https://login.microsoftonline.com"; + const string wdatpResourceId = "https://api.securitycenter.microsoft.com"; AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/"); ClientCredential clientCredential = new ClientCredential(appId, appSecret); @@ -204,7 +208,7 @@ The following is an example of sending a request to get a list of alerts **using ``` var httpClient = new HttpClient(); - var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts"); + var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index 31142c2936..8100c26890 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -22,8 +22,13 @@ ms.date: 09/24/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Full scenario using multiple APIs from Microsoft Defender for Endpoint. @@ -63,7 +68,7 @@ $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret $suspiciousUrl = 'www.suspiciousUrl.com' # Paste your own URL here $resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -75,7 +80,7 @@ $aadToken = $authResponse.access_token #Get latest alert -$alertUrl = "https://api.securitycenter.windows.com/api/alerts?`$top=10" +$alertUrl = "https://api.securitycenter.microsoft.com/api/alerts?`$top=10" $headers = @{ 'Content-Type' = 'application/json' Accept = 'application/json' @@ -108,7 +113,7 @@ $query = "NetworkCommunicationEvents | where RemoteUrl == `"$suspiciousUrl`" | summarize ConnectionsCount = count() by MachineId" -$queryUrl = "https://api.securitycenter.windows.com/api/advancedqueries/run" +$queryUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" $queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query } $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index 785ac39e0d..e5f0ac91e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -30,9 +30,9 @@ ms.topic: article ### Endpoint URI: -> The service base URI is: https://api.securitycenter.windows.com +> The service base URI is: https://api.securitycenter.microsoft.com > -> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts +> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts ### Versioning: @@ -40,9 +40,14 @@ ms.topic: article > > The current version is **V1.0**. > -> To use a specific version, use this format: `https://api.securitycenter.windows.com/api/{Version}`. For example: `https://api.securitycenter.windows.com/api/v1.0/alerts` +> To use a specific version, use this format: `https://api.securitycenter.microsoft.com/api/{Version}`. For example: `https://api.securitycenter.microsoft.com/api/v1.0/alerts` > -> If you don't specify any version (e.g. https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version. +> If you don't specify any version (e.g. https://api.securitycenter.microsoft.com/api/alerts ) you will get to the latest version. + + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md index b4a487ffbe..8cea855481 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/) @@ -150,14 +154,14 @@ HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev Get all the alerts last updated after 2019-11-22 00:00:00 ```http -HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z +HTTP GET https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts", "value": [ { "id": "da637308392288907382_-880718168", @@ -206,14 +210,14 @@ HTTP GET https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTi Get all the devices with 'High' 'RiskScore' ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High' +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=riskScore+eq+'High' ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -245,14 +249,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+ Get top 100 devices with 'HealthStatus' not equals to 'Active' ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -284,14 +288,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStat Get all the devices that last seen after 2018-10-20 ```http -HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z +HTTP GET https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen gt 2018-08-01Z ``` **Response:** ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", @@ -323,14 +327,14 @@ HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint ```http -HTTP GET https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan' +HTTP GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan' ``` **Response:** ```json json{ - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", @@ -355,7 +359,7 @@ json{ Get the count of open alerts for a specific device: ```http -HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' +HTTP GET https://api.securitycenter.microsoft.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' ``` **Response:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index 6289c8645b..677387cad1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Represent a file entity in Defender for Endpoint. ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md index 0d640fa36f..b94742b61d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Find a device by internal IP. diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 3db35c6164..616dfffb2e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp. @@ -75,8 +79,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) +GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z) ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md index 07ac59b945..210a00624f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves specific [Alert](alerts.md) by its ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md index e9d18d97e7..607206740c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all domains related to a specific alert. @@ -72,10 +76,8 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains +GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/$metadata#Domains", + "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains", "value": [ { "host": "www.example.com" diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index 6e61e17504..f95776b987 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -21,10 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all files related to a specific alert. @@ -72,10 +76,8 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files", "value": [ { "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index 62db50d08a..dd5859b46d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves all IPs related to a specific alert. @@ -73,10 +77,8 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips +GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips ``` **Response** @@ -88,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/$metadata#Ips", + "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips", "value": [ { "id": "104.80.104.128" diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index 98f64ac8d1..ab1cfd8107 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves [Device](machine.md) related to a specific alert. @@ -74,11 +78,8 @@ If successful and alert and device exist - 200 OK. If alert not found or device Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/machine +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine ``` **Response** @@ -90,7 +91,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index 3e96ce7383..c5461ce794 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the User related to a specific alert. @@ -73,11 +77,8 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/user +GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user ``` **Response** @@ -89,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "contoso\\user1", "accountName": "user1", "accountDomain": "contoso", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index a7c825d739..687c2dffa2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of Alerts. @@ -87,9 +91,6 @@ Here is an example of the request. GET https://api.securitycenter.microsoft.com/api/alerts ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - **Response** Here is an example of the response. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index a5cde6e4a0..a076a373b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations +GET https://api.securitycenter.microsoft.com/api/recommendations ``` **Response** @@ -71,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations", "value": [ { "id": "va-_-microsoft-_-windows_10", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index f2de05191d..8839180405 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -23,6 +23,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md). - If the vulnerability has a fixing KB, it will appear in the response. - Supports [OData V4 queries](https://www.odata.org/documentation/). @@ -65,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/vulnerabilities/machinesVulnerabilities +GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities ``` **Response** @@ -75,7 +82,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)", "value": [ { "id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 9847c928d4..d899f7c360 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Vulnerabilities +GET https://api.securitycenter.microsoft.com/api/Vulnerabilities ``` **Response** @@ -71,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities", "value": [ { "id": "CVE-2019-0608", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 7a5a5aacb3..fb60d09e95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -23,9 +23,13 @@ ROBOTS: NOINDEX [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a map of CVE's to KB's and CVE details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 7b6d923818..920e2fab04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -23,11 +23,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->[!NOTE] ->If you are a US Gov customer, please refer to API endpoints listed in [here](gov.md#api). - - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. ## Permissions @@ -66,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/configurationScore +GET https://api.securitycenter.microsoft.com/api/configurationScore ``` ### Response @@ -78,7 +80,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ConfigurationScore/$entity", "time": "2019-12-03T09:15:58.1665846Z", "score": 340 } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 5b16a71cfc..14425d3b01 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -21,8 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of discovered vulnerabilities related to a given device ID. @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` ### Response @@ -71,7 +76,7 @@ Here is an example of the response. ``` { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2019-1348", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 26fdbad6f4..2ef6ab2307 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Alerts](alerts.md) related to a given domain address. @@ -74,8 +78,6 @@ If successful and domain exists - 200 OK with list of [alert](alerts.md) entitie Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts +GET https://api.securitycenter.microsoft.com/api/domains/client.wns.windows.com/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md index 5bf5182ede..8c70e05df5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md @@ -21,10 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint(https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address. @@ -75,9 +79,6 @@ If successful and domain exists - 200 OK with list of [machine](machine.md) enti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ```http -GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines +GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index cb49efb465..a1174ffd17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the statistics on the given domain. @@ -71,10 +75,8 @@ If successful and domain exists - 200 OK, with statistics object in the response Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/domains/example.com/stats +GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats", "host": "example.com", "orgPrevalence": "4070", "orgFirstSeen": "2017-07-30T13:23:48Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 43d7ac20e9..2dc25a2049 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] Retrieves the organizational exposure score. @@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/exposureScore +GET https://api.securitycenter.microsoft.com/api/exposureScore ``` ### Response @@ -77,7 +82,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore/$entity", "time": "2019-12-03T07:23:53.280499Z", "score": 33.491554051195706 } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index 61ab343580..c69bbf38e5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a [File](files.md) by identifier Sha1, or Sha256 @@ -71,10 +75,8 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 +GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3 ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity", "sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3", "sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462", "globalPrevalence": 180022, diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index d1c53228ac..e9088291e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of alerts related to a given file hash. @@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts +GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index c60f272c69..99313ac5c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Machines](machine.md) related to a given file hash. @@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines +GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index 59f525f594..d81d9b8af3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves the statistics for the given file. @@ -71,10 +75,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats +GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f", "orgPrevalence": "14850", "orgFirstSeen": "2019-12-07T13:44:16Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 293d458f27..09233fa7ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -20,8 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ``` { -"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", +"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software", "value": [ { "id": "microsoft-_-internet_explorer", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md index 296f7c81ce..b58d1ddd9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of [Investigations](investigation.md). @@ -54,7 +58,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/investigations +GET https://api.securitycenter.microsoft.com/api/investigations ``` ## Request headers @@ -71,30 +75,25 @@ Empty If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Example **Request** Here is an example of a request to get all investigations: - ``` -GET https://api.securitycenter.windows.com/api/investigations +GET https://api.securitycenter.microsoft.com/api/investigations ``` **Response** Here is an example of the response: - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations", "value": [ { "id": "63017", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md index 6953ccabba..866f046908 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + ## API description Retrieves specific [Investigation](investigation.md) by its ID.
ID can be the investigation ID or the investigation triggering alert ID. @@ -50,7 +55,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/investigations/{id} +GET https://api.securitycenter.microsoft.com/api/investigations/{id} ``` ## Request headers diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md index 6d078cbf15..b18a482d19 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -74,9 +78,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts +GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index b58fd359e9..7492cfa46e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -71,10 +75,8 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats +GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats ``` **Response** @@ -86,7 +88,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", "ipAddress": "10.209.67.177", "orgPrevalence": "63515", "orgFirstSeen": "2017-07-30T13:36:06Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md index e7ac39a93c..b3e1d5574a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md @@ -23,9 +23,13 @@ ROBOTS: NOINDEX [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of KB's and KB details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md index 30fd9d4263..f46e912d8c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -77,10 +81,8 @@ If machine with the specified ID was not found - 404 Not Found. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07 +GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07 ``` **Response** @@ -92,7 +94,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine", "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", "computerDnsName": "mymachine1.contoso.com", "firstSeen": "2018-08-02T14:55:03.7791856Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 112ed575be..e13a900af5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups +GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups ``` ### Response @@ -75,7 +80,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore", "value": [ { "time": "2019-12-03T09:51:28.214338Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index 55bdffa21c..42ceb10f0e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of logged on users on a specific device. @@ -73,10 +77,8 @@ If successful and device exists - 200 OK with list of [user](user.md) entities i Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```http -GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers +GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers ``` **Response** @@ -88,7 +90,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users", "value": [ { "id": "contoso\\user1", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md index 49e6162ab5..86de75298d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md index dc294c9002..da012c1b41 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -50,7 +54,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions/{id} +GET https://api.securitycenter.microsoft.com/api/machineactions/{id} ``` ## Request headers @@ -72,10 +76,8 @@ If successful, this method returns 200, Ok response code with a [Machine Action] Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba +GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity", "id": "5382f7ea-7557-4ab7-9782-d50480024a4e", "type": "Isolate", "scope": "Selective", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md index 026a5fe161..ec9d161528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -54,7 +58,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions +GET https://api.securitycenter.microsoft.com/api/machineactions ``` ## Request headers @@ -77,10 +81,8 @@ If successful, this method returns 200, Ok response code with a collection of [m Here is an example of the request on an organization that has three MachineActions. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/machineactions +GET https://api.securitycenter.microsoft.com/api/machineactions ``` **Response** @@ -92,7 +94,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "69dc3630-1ccc-4342-acf3-35286eec741d", @@ -147,20 +149,18 @@ Content-type: application/json Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. ``` -GET https://api.securitycenter.windows.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 +GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 ``` **Response** Here is an example of the response. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions", "value": [ { "id": "69dc3630-1ccc-4342-acf3-35286eec741d", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md index 93f27a6093..925103b0d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md @@ -23,9 +23,14 @@ ms.date: 10/07/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Retrieves a collection of RBAC device groups. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md index 7490907216..8cb9e3c2d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md index bbd94f8b8d..bc0c969c79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "235a2e6278c63fcf85bab9c370396972c58843de", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index aef7e2789a..6c89d74e65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -56,7 +60,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine ## HTTP request ```http -GET https://api.securitycenter.windows.com/api/machines +GET https://api.securitycenter.microsoft.com/api/machines ``` ## Request headers @@ -79,11 +83,8 @@ If successful and machines exists - 200 OK with list of [machine](machine.md) en Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ```http -GET https://api.securitycenter.windows.com/api/machines +GET https://api.securitycenter.microsoft.com/api/machines ``` **Response** @@ -94,7 +95,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines", "value": [ { "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md index aba82de482..4f1d4fedec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieves a collection of devices security states. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index 52846f5bdf..089381bade 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves missing KBs (security updates) by device ID ## HTTP request @@ -54,7 +58,7 @@ If successful, this method returns 200 OK, with the specified device missing kb Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs +GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs ``` ### Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md index 21506f3767..a74bad1490 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves missing KBs (security updates) by software ID @@ -63,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs ``` ### Response diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md index ffd04c4f62..332e875e6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -45,7 +49,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri +GET https://api.securitycenter.microsoft.com/api/machineactions/{machine action id}/getPackageUri ``` ## Request headers @@ -69,7 +73,7 @@ If successful, this method returns 200, Ok response code with object that holds Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri +GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri ``` @@ -77,15 +81,12 @@ GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbc Here is an example of the response. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.String", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String", "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" } diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md index 79fcaae0ff..3666ef7955 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -22,6 +22,13 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] Retrieves a security recommendation by its ID. @@ -60,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome ``` **Response** @@ -69,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations/$entity", "id": "va-_-google-_-chrome", "productName": "chrome", "recommendationName": "Update Chrome", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 079ab2c449..dfec0fb89f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences", "value": [ { "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 0656c420e8..c0adaddae0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", "id": "google-_-chrome", "name": "chrome", "vendor": "google", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 95b525bf6b..9c06a2df8f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -20,9 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2019-13748", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md index 91a19e9c18..1cf2a7793b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -20,9 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations +GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations ``` **Response** @@ -72,7 +76,7 @@ Here is an example of the response. ``` { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations", "value": [ { "id": "va-_-git-scm-_-git", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md index 07550126c1..8c13f1d5da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity", "id": "microsoft-_-edge", "name": "edge", "vendor": "microsoft", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md index 7ae8324de9..2bb098203c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions", "value": [ { "version": "11.0.17134.1039", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md index 6a02de62a0..7629b66bff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Retrieves the organization software inventory. @@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software +GET https://api.securitycenter.microsoft.com/api/Software ``` **Response** @@ -71,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software", "value": [ { "id": "microsoft-_-edge", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md index ea42bf22ac..5cd725bebe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Retrieves a collection of all active [Indicators](ti-indicator.md). @@ -48,11 +52,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators' ## HTTP request ``` -GET https://api.securitycenter.windows.com/api/indicators +GET https://api.securitycenter.microsoft.com/api/indicators ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ## Request headers Name | Type | Description @@ -76,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I Here is an example of a request that gets all Indicators ``` -GET https://api.securitycenter.windows.com/api/indicators +GET https://api.securitycenter.microsoft.com/api/indicators ``` **Response** @@ -87,7 +89,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ { "id": "995", @@ -139,7 +141,7 @@ Content-type: application/json Here is an example of a request that gets all Indicators with 'AlertAndBlock' action ``` -GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock' +GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock' ``` **Response** @@ -150,7 +152,7 @@ Here is an example of the response. HTTP/1.1 200 Ok Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators", "value": [ { "id": "997", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md index bc5b69d9cd..d9af8b76ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md @@ -20,8 +20,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Retrieve a User entity by key (user name). @@ -58,10 +63,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body. Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1 +GET https://api.securitycenter.microsoft.com/api/users/user1 Content-type: application/json ``` @@ -74,7 +77,7 @@ Here is an example of the response. HTTP/1.1 200 OK Content-type: application/json { - "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity", "id": "user1", "firstSeen": "2018-08-02T00:00:00Z", "lastSeen": "2018-08-04T00:00:00Z", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index b6282b18f3..d16cd4cfee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -76,8 +80,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1/alerts +GET https://api.securitycenter.microsoft.com/api/users/user1/alerts ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 33fbf7f79a..88a70fd056 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -77,8 +81,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -GET https://api.securitycenter.windows.com/api/users/user1/machines +GET https://api.securitycenter.microsoft.com/api/users/user1/machines ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index ac266cf40f..abb77af560 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -21,9 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [!include[Prerelease information](../../includes/prerelease.md)] @@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities ``` **Response** @@ -72,7 +77,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", "value": [ { "id": "CVE-2017-0140", diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index 3e66207db5..df3bc5a56f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -20,8 +20,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608 ``` **Response** @@ -70,7 +76,7 @@ Here is an example of the response. ```json { - "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities/$entity", "id": "CVE-2019-0608", "name": "CVE-2019-0608", "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index ddff7ba6a2..1c89d002cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -109,7 +109,8 @@ Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com`` ## API -Login endpoint: ```https://login.microsoftonline.us``` -Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us``` +- Login endpoint: ```https://login.microsoftonline.us``` + +- Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png index d2f1c35a83..db725b26fa 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png and b/windows/security/threat-protection/microsoft-defender-atp/images/mac-system-extension-filter.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index 683be6e6bf..90bd7b9256 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -79,8 +83,6 @@ If successful, this method returns 201 - Created response code and [Investigatio Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation Content-type: application/json diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 9a079ca9cb..d5a2cf97cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -25,7 +25,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Represent an Automated Investigation entity in Defender for Endpoint.
See [Overview of automated investigations](automated-investigations.md) for more information. diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 98cfaa0d40..7d5d12f3e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate | 'Isolate machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/isolate +POST https://api.securitycenter.microsoft.com/api/machines/{id}/isolate ``` ## Request headers @@ -85,10 +89,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ```console -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate Content-type: application/json { "Comment": "Isolate machine due to alert 1234", diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 9eacf9f1c6..79da63c6c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -1,5 +1,5 @@ --- -title: Microsoft Defender ATP for Mac - System Extensions (Public Preview) +title: Microsoft Defender ATP for Mac - system extensions (Preview) description: This article contains instructions for trying out the system extensions functionality of Microsoft Defender ATP for Mac. This functionality is currently in public preview. keywords: microsoft, defender, atp, mac, kernel, system, extensions, catalina search.product: eADQiWindows 10XVcnh @@ -20,74 +20,73 @@ ms.topic: conceptual ROBOTS: noindex,nofollow --- -# Microsoft Defender for Endpoint for Mac - System Extensions (Public Preview) + +# Microsoft Defender for Endpoint for Mac - system extensions public preview) [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only apply to macOS Catalina (10.15.4) and later versions of macOS. -In alignment with macOS evolution, we are preparing a Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS. - -This functionality is currently in public preview. This article contains instructions for enabling this functionality on your device. You can choose to try out this feature locally on your own device or configure it remotely through a management tool. +This functionality is currently in public preview. This article describes how to enable this functionality on your device. You can try out this feature locally on your own device or configure it remotely through a management tool. These steps assume you already have Defender for Endpoint running on your device. For more information, see [this page](microsoft-defender-atp-mac.md). ## Known issues -- We’ve received reports of the network extension interfering with Apple SSO Kerberos extension. +- We’ve received reports of the network extension interfering with the Apple SSO Kerberos extension. - The current version of the product still installs a kernel extension. The kernel extension is only used as a fallback mechanism and will be removed before this feature reaches public preview. -- We are still working on a product version that deploys and functions properly on macOS 11 Big Sur. +- We're still working on a product version that deploys and functions properly on macOS 11 Big Sur. ## Deployment prerequisites -- Minimum operating system version: **10.15.4** +- Minimum macOS operating system version: **10.15.4** - Minimum product version: **101.03.73** -- Your device must be in the **Insider Fast update channel**. You can check the update channel using the following command: +- Your device must be in the **Insider Fast update channel**. You can check the update channel by using the following command: -```bash -mdatp --health releaseRing -``` + ```bash + mdatp --health releaseRing + ``` -If your device is not already in the Insider Fast update channel, execute the following command from the Terminal. The channel update takes effect next time the product starts (when the next product update is installed or when the device is rebooted). + If your device isn't already in the Insider Fast update channel, execute the following command from the Terminal. The channel update takes effect the next time the product starts (when the next product update is installed, or when the device is rebooted). -```bash -defaults write com.microsoft.autoupdate2 ChannelName -string InsiderFast -``` + ```bash + defaults write com.microsoft.autoupdate2 ChannelName -string InsiderFast + ``` -Alternatively, if you are in a managed environment (JAMF or Intune), you can configure the update channel remotely. For more information, see [this page](mac-updates.md#set-the-channel-name). + Alternatively, if you're in a managed environment (JAMF or Intune), you can configure the update channel remotely. For more information, see [Deploy updates for Microsoft Defender ATP for Mac: Set the channel name](mac-updates.md#set-the-channel-name). ## Deployment steps -Select the deployment steps corresponding to your environment and your preferred method of trying out this feature. +Follow the deployment steps that correspond to your environment and your preferred method of trying out this feature. ### Manual deployment -#### Approve the system extensions & enable the network extension +#### Approve the system extensions and enable the network extension -Once all deployment prerequisites are met, restart your device to start the system extension approval and activation process. +1. After all deployment prerequisites are met, restart your device to launch the system extension approval and activation process. -You will be presented series of system prompts to approve the Defender for Endpoint system extensions. You must approve ALL prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device. +You'll see a series of system prompts to approve the Defender for Endpoint system extensions. You must approve **all** prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device. +For each approval, select **Open Security Preferences** and then select **Allow** to allow the system extension to run. -For each approval, click **Open Security Preferences** and then click **Allow** to allow the system extension to run. + > [!IMPORTANT] + > You must close and reopen the **System Preferences** > **Security & Privacy** window between subsequent approvals. Otherwise, macOS will not display the next approval. -> [!IMPORTANT] -> Between subsequent approvals, you must close and re-open the **System Preferences** > **Security & Privacy** window, otherwise macOS will not display the next approval. + > [!IMPORTANT] + > There is a one-minute timeout before the product falls back to the kernel extension. This ensures that the device is protected. + > + > If more than one minute elapses, restart the daemon by rebooting the device or by using `sudo killall -9 wdavdaemon` to trigger the approval flow again. -> [!IMPORTANT] -> There is a one minute timeout before the product falls back to the kernel extension (to ensure that the device is protected). -> -> If more than one minute has elapsed, restart the daemon (by rebooting the device or using `sudo killall -9 wdavdaemon`) in order to trigger the approval flow again. + ![System extension approval pop-up](images/mac-system-extension-approval.png) -![System extension approval pop-up](images/mac-system-extension-approval.png) + ![System extension approval window](images/mac-system-extension-pref.png) -![System extension approval window](images/mac-system-extension-pref.png) +1. After the system extensions are approved, macOS prompts for an approval to allow network traffic to be filtered. Click **Allow**. -Following the approval of the system extensions, macOS will prompt for an approval to allow network traffic to be filtered. Click **Allow**. - -![Network extension approval pop-up](images/mac-system-extension-filter.png) + ![Network extension approval pop-up](images/mac-system-extension-filter.png) #### Grant Full Disk Access to the Endpoint Security system extension -Open **System Preferences** > **Security & Privacy** > **Privacy** tab and grant **Full Disk Access** to the **Microsoft Defender Endpoint Security Extension**. +Open the **System Preferences** > **Security & Privacy** > **Privacy** tab and grant **Full Disk Access** to the **Microsoft Defender Endpoint Security Extension**. ![Full disk access for Endpoint Security system extension](images/mac-system-extension-fda.png) @@ -107,46 +106,46 @@ Terminal output `endpoint_security_extension` indicates the product is using the ### Managed deployment -Refer to [this page](mac-sysext-policies.md#jamf) for the new configuration profiles that must be deployed for this new feature. +Refer to [New configuration profiles for macOS Catalina and newer versions of macOS: JAMF](mac-sysext-policies.md#jamf) for the new configuration profiles you must deploy for this new feature. -In addition to those profiles, make sure the target devices are also configured to be in the Insider Fast update channel, as described in [this section](#deployment-prerequisites). +In addition to those profiles, make sure to configure the target devices to be in the Insider Fast update channel, as described in [Deployment prerequisites](#deployment-prerequisites). -On a device where all prerequisites are met and the new configuration profiles have been deployed, run: +On a device where all prerequisites are met and the new configuration profiles have been deployed, run the following command: ```bash $ mdatp health --field real_time_protection_subsystem ``` -If this command prints `endpoint_security_extension`, then the product is using the system extensions functionality. +If this command prints `endpoint_security_extension`, the product is using the system extensions functionality. ## Validate basic scenarios -1. Test EICAR detection. From a Terminal window, run: +1. Test European Institute for Computer Antivirus Research (EICAR) detection. From a Terminal window, run the following command: -```bash -curl -o eicar.txt https://secure.eicar.org/eicar.com.txt -``` + ```bash + curl -o eicar.txt https://secure.eicar.org/eicar.com.txt + ``` - Verify that the EICAR file is quarantined. This verification can be done from the user interface (from the Protection History page) or command line using the following command: + Verify that the EICAR file is quarantined. You can verify the file's status on the Protection History page in the user interface, or from a command line by using the following command: -```bash -mdatp threat list -``` + ```bash + mdatp threat list + ``` -2. Test EDR DIY scenario. From a terminal window, run: +2. Test the Endpoint Detection and Response (EDR) DIY scenario. From a terminal window, run the following command: -```bash -curl -o "MDATP MacOS DIY.zip" https://aka.ms/mdatpmacosdiy -``` + ```bash + curl -o "MDATP MacOS DIY.zip" https://aka.ms/mdatpmacosdiy + ``` - Validate that two alerts have popped up in the portal in the machine page for EICAR and EDR DIY scenarios. + Validate that two alerts popped up in the portal on the machine page for EICAR and EDR DIY scenarios. ## Frequently asked questions - Q: Why am I still seeing `kernel_extension` when I run `mdatp health --field real_time_protection_subsystem`? - - A: Refer back to the [Deployment prerequisites](#deployment-prerequisites) section and double-check all of them are met. If all prerequisites are met, restart your device and check again. -- Q: When is macOS 11 Big Sur going to be supported? + A: Refer back to the [Deployment prerequisites](#deployment-prerequisites) section and double-check that all prerequisites are met. If all prerequisites are met, restart your device and check again. - A: We are actively working on adding support for macOS 11. We will post more information to the [What's new](mac-whatsnew.md). +- Q: When will macOS 11 Big Sur be supported? + + A: We are actively working on adding support for macOS 11. We will post more information to the [What's new](mac-whatsnew.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 817ecce65b..ab02cb5c21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md index 94f6a0a86b..4f6e60ca31 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + - For more information, see [Response Actions](respond-machine-alerts.md). | Method | Return Type | Description | diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index a05d99d1d6..1ec715c5e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -44,7 +44,7 @@ Once activated, Microsoft Defender for Endpoint will immediately start forwardin ## View the data collected -To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender for Endpoint data in Microsoft Cloud Apps Security, see [Investigate devices in Cloud App Security](https://docs.microsoft.com/cloud-app-security/mde-integration#investigate-devices-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 98cb4690dd..8605eac87e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -34,7 +34,7 @@ There are some minimum requirements for onboarding devices to the service. Learn > - Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). ## Licensing requirements -Microsoft Defender for Endpoint requires one of the following Microsoft Volume Licensing offers: +Microsoft Defender for Endpoint requires one of the following Microsoft volume licensing offers: - Windows 10 Enterprise E5 - Windows 10 Education A5 @@ -43,8 +43,8 @@ Microsoft Defender for Endpoint requires one of the following Microsoft Volume L - Microsoft 365 A5 (M365 A5) > [!NOTE] -> Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five concurrent devices. -> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). +> Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices. +> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). Microsoft Defender for Endpoint, on Windows Server, requires one of the following licensing options: @@ -52,9 +52,14 @@ Microsoft Defender for Endpoint, on Windows Server, requires one of the followin - Defender for Endpoint for Servers (one per covered server) > [!NOTE] -> Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Defender for Endpoint for Servers (one per covered Server OSE): Microsoft Defender for Endpoint, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Defender for Endpoint for Linux. +> Customers may acquire server licenses (one per covered server Operating System Environment (OSE)) for Microsoft Defender for Endpoint for Servers if they have a combined minimum of 50 licenses for one or more of the following user licenses: +> +> * Microsoft Defender for Endpoint +> * Windows E5/A5 +> * Microsoft 365 E5/A5 +> * Microsoft 365 E5 Security -For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn the detailed terms and conditions for the product. +For detailed licensing information, see the [Product Terms site](https://www.microsoft.com/licensing/terms/) and work with your account team to learn more about the terms and conditions. For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare). @@ -104,7 +109,7 @@ The hardware requirements for Defender for Endpoint on devices are the same for ### Other supported operating systems - Android -- Linux +- Linux - macOS > [!NOTE] @@ -186,7 +191,7 @@ The Defender for Endpoint agent depends on the ability of Microsoft Defender Ant Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). -When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode. +When Microsoft Defender Antivirus is not the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode. If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy. diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 8cc6f7bed9..b87d77da37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -55,7 +59,7 @@ Delegated (work or school account) | Machine.Offboard | 'Offboard machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/offboard +POST https://api.securitycenter.microsoft.com/api/machines/{id}/offboard ``` ## Request headers @@ -82,10 +86,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard Content-type: application/json { "Comment": "Offboard machine by automation" diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index ff6119eee4..452f25222e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -22,8 +22,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. @@ -56,7 +62,7 @@ You'll need to have access to: 5. Enter the following HTTP fields: - Method: "GET" as a value to get the list of devices. - - URI: Enter `https://api.securitycenter.windows.com/api/machines`. + - URI: Enter `https://api.securitycenter.microsoft.com/api/machines`. - Authentication: Select "Active Directory OAuth". - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value. - Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\` diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index ab2b412ae2..ac9c3929ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -47,12 +51,9 @@ Delegated (work or school account) | Ti.ReadWrite | 'Read and write Indicators' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/indicators +POST https://api.securitycenter.microsoft.com/api/indicators ``` -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ## Request headers Name | Type | Description @@ -88,7 +89,7 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/indicators +POST https://api.securitycenter.microsoft.com/api/indicators Content-type: application/json { "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f", diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index d656f995c8..9587df251a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -22,12 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - - ->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) >[!Note] >- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections. @@ -203,7 +200,7 @@ Here is an example return value: The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API. ```csharp -AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); +AuthenticationContext context = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantId)); ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret); AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult(); ``` @@ -218,7 +215,7 @@ $appId = '' ### Paste your Application ID here $appSecret = '' ### Paste your Application secret here $resourceAppIdUri = 'https://graph.windows.net' -$oAuthUri = "https://login.windows.net/$tenantId/oauth2/token" +$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token" $authBody = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -237,7 +234,7 @@ tenantId='' ### Paste your tenant ID here appId='' ### Paste your Application ID here appSecret='' ### Paste your Application secret here resourceAppIdUri='https://graph.windows.net' -oAuthUri="https://login.windows.net/$tenantId/oauth2/token" +oAuthUri="https://login.microsoftonline.com/$tenantId/oauth2/token" scriptDir=$(pwd) apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\ diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 4d71206462..6a3c3ce05d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -23,7 +23,12 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md index 414c106934..3c91b9c04c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/restrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/{id}/restrictCodeExecution ``` ## Request headers @@ -79,7 +83,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution Content-type: application/json { "Comment": "Restrict code execution due to alert 1234" diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index ce6887fc58..50b5f9255d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -24,7 +24,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## Limitations 1. You can only run a query on data from the last 30 days. @@ -50,7 +54,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/advancedqueries/run +POST https://api.securitycenter.microsoft.com/api/advancedqueries/run ``` ## Request headers @@ -77,11 +81,8 @@ Request Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - - ``` -POST https://api.securitycenter.windows.com/api/advancedqueries/run +POST https://api.securitycenter.microsoft.com/api/advancedqueries/run Content-type: application/json { "Query":"DeviceProcessEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md index cc1e69bc35..247f300dac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md @@ -21,9 +21,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md). @@ -51,8 +55,8 @@ $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID he $appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here -$resourceAppIdUri = 'https://api.securitycenter.windows.com' -$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token" +$resourceAppIdUri = 'https://api.securitycenter.microsoft.com' +$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $body = [Ordered] @{ resource = "$resourceAppIdUri" client_id = "$appId" @@ -75,7 +79,7 @@ Run the following query: ``` $query = 'RegistryEvents | limit 10' # Paste your own query here -$url = "https://api.securitycenter.windows.com/api/advancedqueries/run" +$url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" $headers = @{ 'Content-Type' = 'application/json' Accept = 'application/json' diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md index c7d5c9e145..7cda7c8cd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md @@ -22,9 +22,13 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md). @@ -46,9 +50,9 @@ tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID her appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here -url = "https://login.windows.net/%s/oauth2/token" % (tenantId) +url = "https://login.microsoftonline.com/%s/oauth2/token" % (tenantId) -resourceAppIdUri = 'https://api.securitycenter.windows.com' +resourceAppIdUri = 'https://api.securitycenter.microsoft.com' body = { 'resource' : resourceAppIdUri, @@ -78,7 +82,7 @@ where ``` query = 'RegistryEvents | limit 10' # Paste your own query here -url = "https://api.securitycenter.windows.com/api/advancedqueries/run" +url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run" headers = { 'Content-Type' : 'application/json', 'Accept' : 'application/json', diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md index 9525f7a282..f2d979889c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md @@ -23,7 +23,11 @@ ms.topic: article **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] ## API description @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.Scan | 'Scan machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/runAntiVirusScan +POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan ``` ## Request headers @@ -87,7 +91,7 @@ If successful, this method returns 201, Created response code and _MachineAction Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan Content-type: application/json { "Comment": "Check machine for viruses due to alert 3212", diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index d911b24cb2..aab54c586f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md index b2a76a6693..98266678c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md +++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + ## API description Set the device value of a specific [Machine](machine.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 617a6c15ec..a471bd94f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md index a91edcf37d..83727872ac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Stop execution of a file on a device and delete it. @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quara ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile +POST https://api.securitycenter.microsoft.com/api/machines/{id}/StopAndQuarantineFile ``` ## Request headers @@ -80,7 +84,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile Content-type: application/json { "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442", diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md index 2b37172304..39a5774d5c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + - See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal. Method|Return Type |Description diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md index ce25cadea3..1ecd70b09d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md @@ -22,9 +22,9 @@ ms.topic: troubleshooting [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) @@ -78,8 +78,8 @@ You'll need to allow the `securitycenter.windows.com` and all subdomains under i ## Portal communication issues If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are allowed and open for communication. -- `*.blob.core.windows.net -crl.microsoft.com` +- `*.blob.core.windows.net` +- `crl.microsoft.com` - `https://*.microsoftonline-p.com` - `https://*.securitycenter.windows.com` - `https://automatediracs-eus-prd.securitycenter.windows.com` diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md index 211e184891..2f5e42faa5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md @@ -26,6 +26,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Undo isolation of a device. @@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate | 'Isolate machine' ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate +POST https://api.securitycenter.microsoft.com/api/machines/{id}/unisolate ``` ## Request headers @@ -80,10 +84,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate Content-type: application/json { "Comment": "Unisolate machine since it was clean and validated" diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md index 49037547d6..ef5ea2434a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Enable execution of any application on the device. @@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code ## HTTP request ``` -POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/{id}/unrestrictCodeExecution ``` ## Request headers @@ -77,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti Here is an example of the request. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ``` -POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution +POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution Content-type: application/json { "Comment": "Unrestrict code execution since machine was cleaned and validated" diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index a62ac7611a..9e142b87bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -25,6 +25,10 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + ## API description Updates properties of existing [Alert](alerts.md). @@ -76,8 +80,6 @@ classification | String | Specifies the specification of the alert. The property determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' comment | String | Comment to be added to the alert. -[!include[Improve request performance](../../includes/improve-request-performance.md)] - ## Response If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found. @@ -89,7 +91,7 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in Here is an example of the request. ``` -PATCH https://api.securitycenter.windows.com/api/alerts/121688558380765161_2136280442 +PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442 Content-Type: application/json { diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index 948460d6a9..8d75aea649 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + Method|Return Type |Description :---|:---|:--- [List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection | List all the alerts that are associated with a [user](user.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index eaaa313b18..924169d5d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -25,6 +25,11 @@ ms.topic: article - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] + +[!include[Improve request performance](../../includes/improve-request-performance.md)] + + [!include[Prerelease information](../../includes/prerelease.md)] ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 9b9d8baad8..ef53ba233b 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -34,28 +34,27 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

-Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen -At least Windows Server 2012, Windows 8 or Windows RT +Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

+At least Windows Server 2012, Windows 8 or Windows RT This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen. Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control -Windows 10, version 1703 This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

This setting does not protect against malicious content from USB devices, network shares, or other non-internet sources.

Important: Using a trustworthy browser helps ensure that these protections work as expected.

-Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen Microsoft Edge on Windows 10 or later This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen. -Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later)

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files Microsoft Edge on Windows 10, version 1511 or later This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files. -Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Microsoft Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later)

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites Microsoft Edge on Windows 10, version 1511 or later This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site. @@ -169,15 +168,15 @@ To better help you protect your organization, we recommend turning on and using Recommendation -Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen +Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later) Enable. Turns on Microsoft Defender SmartScreen. -Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites +Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing Windows Defender SmartScreen prompts for sites (Microsoft Edge version 77 or later) Enable. Stops employees from ignoring warning messages and continuing to a potentially malicious website. -Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files +Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files (Microsoft Edge version 45 and earlier)

Administrative Templates\Microsoft Edge\SmartScreen settings\Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (Microsoft Edge version 77 or later) Enable. Stops employees from ignoring warning messages and continuing to download potentially malicious files. @@ -219,4 +218,3 @@ To better help you protect your organization, we recommend turning on and using - [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md) - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) - diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index c141b00025..5dd9dc063d 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: dansimp -ms.date: 03/01/2019 +ms.date: 12/28/2020 ms.reviewer: manager: dansimp ms.author: dansimp @@ -91,3 +91,6 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic |Modern/Connected Standby|Platforms must support Modern/Connected Standby.| |Platform firmware|Platform firmware must carry all code required to perform a launch.| |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | + +> [!NOTE] +> For more details around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).