diff --git a/.github/workflows/Stale.yml b/.github/workflows/Stale.yml
index 101ee8ba9c..82b6875e28 100644
--- a/.github/workflows/Stale.yml
+++ b/.github/workflows/Stale.yml
@@ -13,7 +13,7 @@ jobs:
stale:
uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod
with:
- RunDebug: true
+ RunDebug: false
RepoVisibility: ${{ github.repository_visibility }}
secrets:
AccessToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index ae406114d7..2fe6bc1844 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -9,7 +9,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 06/28/2024
+ ms.date: 09/27/2024
ms.topic: landing-page
ms.service: windows-client
ms.subservice: itpro-apps
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 9e6cefb8ae..f1cf07572c 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -4,7 +4,7 @@ description: Learn about per-user services, how to change the template service s
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.date: 12/22/2023
+ms.date: 10/01/2024
ms.topic: how-to
ms.service: windows-client
ms.subservice: itpro-apps
@@ -99,7 +99,7 @@ $services = Get-Service
foreach ( $service in $services ) {
# For each specific service, check if the service type property includes the 64 bit using the bitwise AND operator (-band).
# If the result equals the flag value, then the service is a per-user service.
- if ( ( $service.ServiceType -band $flag ) -eq $flag ) {
+ if ( ( $service.ServiceType -band $flag ) -eq $flag ) {
# When a per-user service is found, then add that service object to the results array.
$serviceList += $service
}
@@ -229,14 +229,14 @@ If you can't use group policy preferences to manage the per-user services, you c
1. The following example includes multiple commands that disable the specified Windows services by changing their **Start** value in the Windows Registry to `4`:
-```cmd
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f
-```
+ ```cmd
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f
+ ```
#### Example 2: Use the Registry Editor user interface to edit the registry
@@ -248,7 +248,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
1. Change the **Value data** to `4`.
-:::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4.":::
+ :::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4.":::
#### Example 3: Prevent the creation of per-user services
diff --git a/windows/application-management/sideload-apps-in-windows.md b/windows/application-management/sideload-apps-in-windows.md
index 3779938afc..8daf6b4e76 100644
--- a/windows/application-management/sideload-apps-in-windows.md
+++ b/windows/application-management/sideload-apps-in-windows.md
@@ -4,7 +4,7 @@ description: Learn how to sideload line-of-business (LOB) apps in Windows client
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.date: 12/22/2023
+ms.date: 09/27/2024
ms.topic: how-to
ms.service: windows-client
ms.subservice: itpro-apps
diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md
index 07c68d9f04..1cf28badea 100644
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@@ -1,7 +1,7 @@
---
title: CloudDesktop DDF file
description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the C
99.9.99999
2.0
- 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;
+ 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;
@@ -139,7 +139,7 @@ The following XML file contains the device description framework (DDF) for the C
10.0.22621.3374
1.0
- 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;
+ 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;
diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md
index 99b94df749..bcb544c636 100644
--- a/windows/client-management/mdm/configuration-service-provider-ddf.md
+++ b/windows/client-management/mdm/configuration-service-provider-ddf.md
@@ -13,7 +13,7 @@ This article lists the OMA DM device description framework (DDF) files for vario
As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
-- [DDF v2 Files, May 2024](https://download.microsoft.com/download/f/6/1/f61445f7-1d38-45f7-bc8c-609b86e4aabc/DDFv2May24.zip)
+- [DDF v2 Files, September 2024](https://download.microsoft.com/download/a/a/a/aaadc008-67d4-4dcd-b864-70c479baf7d6/DDFv2September24.zip)
## DDF v2 schema
@@ -574,7 +574,7 @@ DDF v2 XML schema definition is listed below along with the schema definition fo
## Older DDF files
You can download the older DDF files for various CSPs from the links below:
-
+- [Download all the DDF files for Windows 10 and 11 May 2024](https://download.microsoft.com/download/f/6/1/f61445f7-1d38-45f7-bc8c-609b86e4aabc/DDFv2May24.zip)
- [Download all the DDF files for Windows 10 and 11 September 2023](https://download.microsoft.com/download/0/e/c/0ec027e5-8971-49a2-9230-ec9352bc3ead/DDFv2September2023.zip)
- [Download all the DDF files for Windows 10 and 11 December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 198570987e..9841e9f442 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,7 +1,7 @@
---
title: Defender CSP
description: Learn more about the Defender CSP.
-ms.date: 06/21/2024
+ms.date: 09/27/2024
---
@@ -1289,7 +1289,7 @@ Define data duplication remote location for Device Control. When configuring thi
-Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.
+Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled.
@@ -1304,7 +1304,7 @@ Configure how many days can pass before an aggressive quick scan is triggered. T
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | Range: `[7-60]` |
-| Default Value | 25 |
+| Default Value | 30 |
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index f286ba947c..2055d5bdf0 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,7 +1,7 @@
---
title: Defender DDF file
description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
---
@@ -2373,8 +2373,8 @@ The following XML file contains the device description framework (DDF) for the D
- 25
- Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.
+ 30
+ Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled.
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index e269946643..4d6dc724a9 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -1,7 +1,7 @@
---
title: Firewall CSP
description: Learn more about the Firewall CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -2221,7 +2221,7 @@ Specifies the friendly name of the firewall rule.
-Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule.
+Specifies one App Control tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule.
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index 0e5e7d5b2d..76508deef5 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -1,7 +1,7 @@
---
title: LAPS CSP
description: Learn more about the LAPS CSP.
-ms.date: 06/21/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 06/21/2024
# LAPS CSP
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings).
@@ -432,7 +430,7 @@ If the specified user or group account is invalid the device will fallback to us
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -488,7 +486,7 @@ If not specified, this setting defaults to False.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -543,7 +541,7 @@ If not specified, this setting defaults to False.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -587,7 +585,7 @@ If not specified, this setting will default to "WLapsAdmin".
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -643,7 +641,7 @@ If not specified, this setting defaults to False.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -759,7 +757,7 @@ If not specified, this setting will default to 0.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index 5d06e470a6..d32a646434 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
---
@@ -327,7 +327,7 @@ This setting has a maximum allowed value of 10 words.
- 99.9.9999
+ 10.0.26100
1.1
@@ -690,7 +690,7 @@ If not specified, this setting defaults to False.
- 99.9.9999
+ 10.0.26100
1.1
@@ -736,7 +736,7 @@ If not specified, this setting will default to 1.
- 99.9.9999
+ 10.0.26100
1.1
@@ -791,7 +791,7 @@ If not specified, this setting will default to "WLapsAdmin".
- 99.9.9999
+ 10.0.26100
1.1
@@ -839,7 +839,7 @@ If not specified, this setting defaults to False.
- 99.9.9999
+ 10.0.26100
1.1
@@ -897,7 +897,7 @@ If not specified, this setting defaults to False.
- 99.9.9999
+ 10.0.26100
1.1
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 052f60bfcd..6cf4a75b50 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,7 +1,7 @@
---
title: Personalization DDF file
description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
10.0.16299
1.0
- 0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index c0c0fd2588..826ef1ac3b 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -137,7 +137,6 @@ ms.date: 02/03/2023
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#configuredeadlineforfeatureupdates) 11
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#configuredeadlineforqualityupdates) 11
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#configuredeadlinegraceperiod) 11
-- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#configuredeadlinenoautoreboot) 11
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#managepreviewbuilds)
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
index 0ad7b632c3..2c62565783 100644
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -1,7 +1,7 @@
---
title: Configuration service provider preview policies
description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
---
@@ -17,6 +17,7 @@ This article lists the policies that are applicable for Windows Insider Preview
- [TurnOffInstallTracing](policy-csp-appdeviceinventory.md#turnoffinstalltracing)
- [TurnOffAPISamping](policy-csp-appdeviceinventory.md#turnoffapisamping)
- [TurnOffApplicationFootprint](policy-csp-appdeviceinventory.md#turnoffapplicationfootprint)
+- [TurnOffWin32AppBackup](policy-csp-appdeviceinventory.md#turnoffwin32appbackup)
## ClientCertificateInstall CSP
@@ -28,15 +29,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens)
- [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode)
-## Cryptography
-
-- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography)
-- [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection)
-- [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient)
-- [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver)
-- [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient)
-- [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver)
-
## DeclaredConfiguration CSP
- [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument)
@@ -47,23 +39,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn)
- [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords)
-## DesktopAppInstaller
-
-- [EnableWindowsPackageManagerCommandLineInterfaces](policy-csp-desktopappinstaller.md#enablewindowspackagemanagercommandlineinterfaces)
-- [EnableWindowsPackageManagerConfiguration](policy-csp-desktopappinstaller.md#enablewindowspackagemanagerconfiguration)
-
-## DeviceLock
-
-- [MaximumPasswordAge](policy-csp-devicelock.md#maximumpasswordage)
-- [ClearTextPassword](policy-csp-devicelock.md#cleartextpassword)
-- [PasswordComplexity](policy-csp-devicelock.md#passwordcomplexity)
-- [PasswordHistorySize](policy-csp-devicelock.md#passwordhistorysize)
-- [AccountLockoutPolicy](policy-csp-devicelock.md#accountlockoutpolicy)
-- [AllowAdministratorLockout](policy-csp-devicelock.md#allowadministratorlockout)
-- [MinimumPasswordLength](policy-csp-devicelock.md#minimumpasswordlength)
-- [MinimumPasswordLengthAudit](policy-csp-devicelock.md#minimumpasswordlengthaudit)
-- [RelaxMinimumPasswordLengthLimits](policy-csp-devicelock.md#relaxminimumpasswordlengthlimits)
-
## DevicePreparation CSP
- [PageEnabled](devicepreparation-csp.md#pageenabled)
@@ -84,12 +59,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [Cadence](dmclient-csp.md#deviceproviderprovideridconfigrefreshcadence)
- [PausePeriod](dmclient-csp.md#deviceproviderprovideridconfigrefreshpauseperiod)
-## Experience
-
-- [AllowScreenRecorder](policy-csp-experience.md#allowscreenrecorder)
-- [EnableOrganizationalMessages](policy-csp-experience.md#enableorganizationalmessages)
-- [DisableTextTranslation](policy-csp-experience.md#disabletexttranslation)
-
## FileSystem
- [EnableDevDrive](policy-csp-filesystem.md#enabledevdrive)
@@ -99,13 +68,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [AttestErrorMessage](healthattestation-csp.md#attesterrormessage)
-## HumanPresence
-
-- [ForceDisableWakeWhenBatterySaverOn](policy-csp-humanpresence.md#forcedisablewakewhenbatterysaveron)
-- [ForceAllowWakeWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowwakewhenexternaldisplayconnected)
-- [ForceAllowLockWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowlockwhenexternaldisplayconnected)
-- [ForceAllowDimWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowdimwhenexternaldisplayconnected)
-
## InternetExplorer
- [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields)
@@ -121,49 +83,8 @@ This article lists the policies that are applicable for Windows Insider Preview
- [StartInstallation](language-pack-management-csp.md#installlanguage-idstartinstallation)
- [SystemPreferredUILanguages](language-pack-management-csp.md#languagesettingssystempreferreduilanguages)
-## LAPS CSP
-
-- [PassphraseLength](laps-csp.md#policiespassphraselength)
-- [AutomaticAccountManagementEnabled](laps-csp.md#policiesautomaticaccountmanagementenabled)
-- [AutomaticAccountManagementTarget](laps-csp.md#policiesautomaticaccountmanagementtarget)
-- [AutomaticAccountManagementNameOrPrefix](laps-csp.md#policiesautomaticaccountmanagementnameorprefix)
-- [AutomaticAccountManagementEnableAccount](laps-csp.md#policiesautomaticaccountmanagementenableaccount)
-- [AutomaticAccountManagementRandomizeName](laps-csp.md#policiesautomaticaccountmanagementrandomizename)
-
## LocalPoliciesSecurityOptions
-- [Audit_AuditTheUseOfBackupAndRestoreprivilege](policy-csp-localpoliciessecurityoptions.md#audit_audittheuseofbackupandrestoreprivilege)
-- [Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings](policy-csp-localpoliciessecurityoptions.md#audit_forceauditpolicysubcategorysettingstooverrideauditpolicycategorysettings)
-- [Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits](policy-csp-localpoliciessecurityoptions.md#audit_shutdownsystemimmediatelyifunabletologsecurityaudits)
-- [Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly](policy-csp-localpoliciessecurityoptions.md#devices_restrictfloppyaccesstolocallyloggedonuseronly)
-- [DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptorsignsecurechanneldataalways)
-- [DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptsecurechanneldatawhenpossible)
-- [DomainMember_DigitallySignSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallysignsecurechanneldatawhenpossible)
-- [DomainMember_DisableMachineAccountPasswordChanges](policy-csp-localpoliciessecurityoptions.md#domainmember_disablemachineaccountpasswordchanges)
-- [DomainMember_MaximumMachineAccountPasswordAge](policy-csp-localpoliciessecurityoptions.md#domainmember_maximummachineaccountpasswordage)
-- [DomainMember_RequireStrongSessionKey](policy-csp-localpoliciessecurityoptions.md#domainmember_requirestrongsessionkey)
-- [InteractiveLogon_MachineAccountLockoutThreshold](policy-csp-localpoliciessecurityoptions.md#interactivelogon_machineaccountlockoutthreshold)
-- [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache)
-- [InteractiveLogon_PromptUserToChangePasswordBeforeExpiration](policy-csp-localpoliciessecurityoptions.md#interactivelogon_promptusertochangepasswordbeforeexpiration)
-- [MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_amountofidletimerequiredbeforesuspendingsession)
-- [MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_disconnectclientswhenlogonhoursexpire)
-- [MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_serverspntargetnamevalidationlevel)
-- [NetworkAccess_AllowAnonymousSIDOrNameTranslation](policy-csp-localpoliciessecurityoptions.md#networkaccess_allowanonymoussidornametranslation)
-- [NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication](policy-csp-localpoliciessecurityoptions.md#networkaccess_donotallowstorageofpasswordsandcredentialsfornetworkauthentication)
-- [NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers](policy-csp-localpoliciessecurityoptions.md#networkaccess_leteveryonepermissionsapplytoanonymoususers)
-- [NetworkAccess_NamedPipesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_namedpipesthatcanbeaccessedanonymously)
-- [NetworkAccess_RemotelyAccessibleRegistryPaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypaths)
-- [NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypathsandsubpaths)
-- [NetworkAccess_SharesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharesthatcanbeaccessedanonymously)
-- [NetworkAccess_SharingAndSecurityModelForLocalAccounts](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharingandsecuritymodelforlocalaccounts)
-- [NetworkSecurity_AllowLocalSystemNULLSessionFallback](policy-csp-localpoliciessecurityoptions.md#networksecurity_allowlocalsystemnullsessionfallback)
-- [NetworkSecurity_ForceLogoffWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#networksecurity_forcelogoffwhenlogonhoursexpire)
-- [NetworkSecurity_LDAPClientSigningRequirements](policy-csp-localpoliciessecurityoptions.md#networksecurity_ldapclientsigningrequirements)
-- [RecoveryConsole_AllowAutomaticAdministrativeLogon](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowautomaticadministrativelogon)
-- [RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowfloppycopyandaccesstoalldrivesandallfolders)
-- [SystemCryptography_ForceStrongKeyProtection](policy-csp-localpoliciessecurityoptions.md#systemcryptography_forcestrongkeyprotection)
-- [SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems](policy-csp-localpoliciessecurityoptions.md#systemobjects_requirecaseinsensitivityfornonwindowssubsystems)
-- [SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects](policy-csp-localpoliciessecurityoptions.md#systemobjects_strengthendefaultpermissionsofinternalsystemobjects)
- [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection)
- [UserAccountControl_TypeOfAdminApprovalMode](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_typeofadminapprovalmode)
@@ -174,23 +95,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction)
- [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout)
-## MSSecurityGuide
-
-- [NetBTNodeTypeConfiguration](policy-csp-mssecurityguide.md#netbtnodetypeconfiguration)
-
-## NetworkListManager
-
-- [AllNetworks_NetworkIcon](policy-csp-networklistmanager.md#allnetworks_networkicon)
-- [AllNetworks_NetworkLocation](policy-csp-networklistmanager.md#allnetworks_networklocation)
-- [AllNetworks_NetworkName](policy-csp-networklistmanager.md#allnetworks_networkname)
-- [IdentifyingNetworks_LocationType](policy-csp-networklistmanager.md#identifyingnetworks_locationtype)
-- [UnidentifiedNetworks_LocationType](policy-csp-networklistmanager.md#unidentifiednetworks_locationtype)
-- [UnidentifiedNetworks_UserPermissions](policy-csp-networklistmanager.md#unidentifiednetworks_userpermissions)
-
-## Notifications
-
-- [DisableAccountNotifications](policy-csp-notifications.md#disableaccountnotifications)
-
## PassportForWork CSP
- [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
@@ -202,77 +106,15 @@ This article lists the policies that are applicable for Windows Insider Preview
## RemoteDesktopServices
-- [LimitServerToClientClipboardRedirection](policy-csp-remotedesktopservices.md#limitservertoclientclipboardredirection)
-- [LimitClientToServerClipboardRedirection](policy-csp-remotedesktopservices.md#limitclienttoserverclipboardredirection)
-- [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md#disconnectonlocklegacyauthn)
-- [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md#disconnectonlockmicrosoftidentityauthn)
- [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime)
-## Search
-
-- [ConfigureSearchOnTaskbarMode](policy-csp-search.md#configuresearchontaskbarmode)
-
-## SettingsSync
-
-- [DisableAccessibilitySettingSync](policy-csp-settingssync.md#disableaccessibilitysettingsync)
-- [DisableLanguageSettingSync](policy-csp-settingssync.md#disablelanguagesettingsync)
-
-## Sudo
-
-- [EnableSudo](policy-csp-sudo.md#enablesudo)
-
## SurfaceHub CSP
- [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
-## System
-
-- [HideUnsupportedHardwareNotifications](policy-csp-system.md#hideunsupportedhardwarenotifications)
-
-## SystemServices
-
-- [ConfigureComputerBrowserServiceStartupMode](policy-csp-systemservices.md#configurecomputerbrowserservicestartupmode)
-- [ConfigureIISAdminServiceStartupMode](policy-csp-systemservices.md#configureiisadminservicestartupmode)
-- [ConfigureInfraredMonitorServiceStartupMode](policy-csp-systemservices.md#configureinfraredmonitorservicestartupmode)
-- [ConfigureInternetConnectionSharingServiceStartupMode](policy-csp-systemservices.md#configureinternetconnectionsharingservicestartupmode)
-- [ConfigureLxssManagerServiceStartupMode](policy-csp-systemservices.md#configurelxssmanagerservicestartupmode)
-- [ConfigureMicrosoftFTPServiceStartupMode](policy-csp-systemservices.md#configuremicrosoftftpservicestartupmode)
-- [ConfigureRemoteProcedureCallLocatorServiceStartupMode](policy-csp-systemservices.md#configureremoteprocedurecalllocatorservicestartupmode)
-- [ConfigureRoutingAndRemoteAccessServiceStartupMode](policy-csp-systemservices.md#configureroutingandremoteaccessservicestartupmode)
-- [ConfigureSimpleTCPIPServicesStartupMode](policy-csp-systemservices.md#configuresimpletcpipservicesstartupmode)
-- [ConfigureSpecialAdministrationConsoleHelperServiceStartupMode](policy-csp-systemservices.md#configurespecialadministrationconsolehelperservicestartupmode)
-- [ConfigureSSDPDiscoveryServiceStartupMode](policy-csp-systemservices.md#configuressdpdiscoveryservicestartupmode)
-- [ConfigureUPnPDeviceHostServiceStartupMode](policy-csp-systemservices.md#configureupnpdevicehostservicestartupmode)
-- [ConfigureWebManagementServiceStartupMode](policy-csp-systemservices.md#configurewebmanagementservicestartupmode)
-- [ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode](policy-csp-systemservices.md#configurewindowsmediaplayernetworksharingservicestartupmode)
-- [ConfigureWindowsMobileHotspotServiceStartupMode](policy-csp-systemservices.md#configurewindowsmobilehotspotservicestartupmode)
-- [ConfigureWorldWideWebPublishingServiceStartupMode](policy-csp-systemservices.md#configureworldwidewebpublishingservicestartupmode)
-
## Update
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
-- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md#configuredeadlinenoautorebootforfeatureupdates)
-- [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md#configuredeadlinenoautorebootforqualityupdates)
-- [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md#alwaysautorebootatscheduledtimeminutes)
-
-## UserRights
-
-- [BypassTraverseChecking](policy-csp-userrights.md#bypasstraversechecking)
-- [ReplaceProcessLevelToken](policy-csp-userrights.md#replaceprocessleveltoken)
-- [ChangeTimeZone](policy-csp-userrights.md#changetimezone)
-- [ShutDownTheSystem](policy-csp-userrights.md#shutdownthesystem)
-- [LogOnAsBatchJob](policy-csp-userrights.md#logonasbatchjob)
-- [ProfileSystemPerformance](policy-csp-userrights.md#profilesystemperformance)
-- [DenyLogOnAsBatchJob](policy-csp-userrights.md#denylogonasbatchjob)
-- [LogOnAsService](policy-csp-userrights.md#logonasservice)
-- [IncreaseProcessWorkingSet](policy-csp-userrights.md#increaseprocessworkingset)
-- [DenyLogOnAsService](policy-csp-userrights.md#denylogonasservice)
-- [AdjustMemoryQuotasForProcess](policy-csp-userrights.md#adjustmemoryquotasforprocess)
-- [AllowLogOnThroughRemoteDesktop](policy-csp-userrights.md#allowlogonthroughremotedesktop)
-
-## WebThreatDefense
-
-- [AutomaticDataCollection](policy-csp-webthreatdefense.md#automaticdatacollection)
## Wifi
@@ -281,7 +123,7 @@ This article lists the policies that are applicable for Windows Insider Preview
## WindowsAI
-- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
+- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey)
- [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
- [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
@@ -294,11 +136,6 @@ This article lists the policies that are applicable for Windows Insider Preview
- [DisableSubscription](windowslicensing-csp.md#subscriptionsdisablesubscription)
- [RemoveSubscription](windowslicensing-csp.md#subscriptionsremovesubscription)
-## WindowsSandbox
-
-- [AllowMappedFolders](policy-csp-windowssandbox.md#allowmappedfolders)
-- [AllowWriteToMappedFolders](policy-csp-windowssandbox.md#allowwritetomappedfolders)
-
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 0fa200d984..1823ce5450 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1,7 +1,7 @@
---
title: Policy CSP
description: Learn more about the Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
---
@@ -1152,6 +1152,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
- [Settings](policy-csp-settings.md)
- [SettingsSync](policy-csp-settingssync.md)
- [SmartScreen](policy-csp-smartscreen.md)
+- [SpeakForMe](policy-csp-speakforme.md)
- [Speech](policy-csp-speech.md)
- [Start](policy-csp-start.md)
- [Stickers](policy-csp-stickers.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 0cdd78d66b..3f48213786 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -1,7 +1,7 @@
---
title: ADMX_AppxPackageManager Policy CSP
description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -32,7 +32,7 @@ ms.date: 08/06/2024
-This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off:
+This policy setting allows you to manage the deployment of packaged Microsoft Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off:
Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies.
@@ -42,9 +42,9 @@ Temporary user profiles, which are created when an error prevents the correct pr
User profiles for the Guest account and members of the Guests group.
-- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile.
+- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of packaged Microsoft Store apps when using a special profile.
-- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.
+- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of packaged Microsoft Store apps when using a special profile.
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 540235107e..1cc79f97a0 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -1,7 +1,7 @@
---
title: ADMX_AppXRuntime Policy CSP
description: Learn more about the ADMX_AppXRuntime Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -32,11 +32,11 @@ ms.date: 08/06/2024
-This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer.
+This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer.
-- If you enable this policy setting, you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use.
+- If you enable this policy setting, you can define additional Content URI Rules that all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer can use.
-- If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.
+- If you disable or don't set this policy setting, packaged Microsoft Store apps will only use the static Content URI Rules.
@@ -60,7 +60,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static
| Name | Value |
|:--|:--|
| Name | AppxRuntimeApplicationContentUriRules |
-| Friendly Name | Turn on dynamic Content URI Rules for Windows store apps |
+| Friendly Name | Turn on dynamic Content URI Rules for packaged Microsoft Store apps |
| Location | Computer Configuration |
| Path | Windows Components > App runtime |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Packages\Applications |
@@ -95,11 +95,11 @@ This policy setting lets you turn on Content URI Rules to supplement the static
-This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type.
+This policy setting lets you control whether packaged Microsoft Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a packaged Microsoft Store app might compromise the system by opening a file in the default desktop app for a file type.
-- If you enable this policy setting, Windows Store apps can't open files in the default desktop app for a file type; they can open files only in other Windows Store apps.
+- If you enable this policy setting, packaged Microsoft Store apps can't open files in the default desktop app for a file type; they can open files only in other packaged Microsoft Store apps.
-- If you disable or don't configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
+- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open files in the default desktop app for a file type.
@@ -219,14 +219,14 @@ This policy shouldn't be enabled unless recommended by Microsoft as a security r
-This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
+This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app.
-- If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
+- If you enable this policy setting, packaged Microsoft Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps.
-- If you disable or don't configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme.
+- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme.
> [!NOTE]
-> Enabling this policy setting doesn't block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
+> Enabling this policy setting doesn't block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index af2f85b62d..fa0478440b 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -1,7 +1,7 @@
---
title: ADMX_ControlPanelDisplay Policy CSP
description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -1351,7 +1351,7 @@ Specifies which theme file is applied to the computer the first time a user logs
|:--|:--|
| Name | CPL_Personalization_SetTheme |
| Friendly Name | Load a specific theme |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
| Path | Control Panel > Personalization |
| Registry Key Name | Software\Policies\Microsoft\Windows\Personalization |
| ADMX File Name | ControlPanelDisplay.admx |
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 9ea0e21a78..2a743d498c 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -1,7 +1,7 @@
---
title: ADMX_DeviceGuard Policy CSP
description: Learn more about the ADMX_DeviceGuard Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -34,7 +34,7 @@ ms.date: 08/06/2024
-Deploy Windows Defender Application Control.
+Deploy App Control for Business.
This policy setting lets you deploy a Code Integrity Policy to a machine to control what's allowed to run on that machine.
@@ -69,7 +69,7 @@ If using a signed and protected policy then disabling this policy setting doesn'
| Name | Value |
|:--|:--|
| Name | ConfigCIPolicy |
-| Friendly Name | Deploy Windows Defender Application Control |
+| Friendly Name | Deploy App Control for Business |
| Location | Computer Configuration |
| Path | System > Device Guard |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 2f447009b6..dc1ec2aa56 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -1,7 +1,7 @@
---
title: ADMX_DnsClient Policy CSP
description: Learn more about the ADMX_DnsClient Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -91,7 +91,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie
-Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
+Specifies that the DNS client may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com" is an example of a fully qualified name because it contains a terminating dot.
@@ -103,7 +103,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix
- If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
-- If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+- If you don't configure this policy setting, the DNS client will use its local settings to determine the query behavior for unqualified multi-label names.
@@ -162,9 +162,9 @@ Specifies a connection-specific DNS suffix. This policy setting supersedes local
To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
-- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by the DNS client.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied connection specific DNS suffix, if configured.
@@ -234,7 +234,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
-If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
@@ -295,11 +295,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
-Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
+Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the DNS client is on non-domain networks with no WINS servers configured.
- If this policy setting is enabled, IDNs aren't converted to Punycode.
-- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the DNS client is on non-domain networks with no WINS servers configured.
@@ -413,13 +413,13 @@ Specifies whether the DNS client should convert internationalized domain names (
-Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
+Defines the DNS servers to which the DNS client sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
-- If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the list of DNS servers is applied to all network connections used by the DNS client.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied list of DNS servers, if configured.
@@ -535,18 +535,18 @@ Specifies that responses from link local name resolution protocols received over
-Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
+Specifies the primary DNS suffix used by the DNS client in DNS name registration and DNS name resolution.
To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
> [!IMPORTANT]
-> In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows.
+> In order for changes to this policy setting to be applied on the DNS client, you must restart Windows.
- If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.
You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
-- If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client uses the local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined.
@@ -600,18 +600,18 @@ You can use this policy setting to prevent users, including local administrators
-Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
+Specifies if the DNS client performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
-- If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the DNS client will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by the DNS client.
-For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
+For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
> [!IMPORTANT]
-> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+> This policy setting is ignored by the DNS client if dynamic DNS registration is disabled.
-- If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client won't register any A and PTR resource records using a connection-specific DNS suffix.
@@ -666,7 +666,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso
-Specifies if DNS client computers will register PTR resource records.
+Specifies if the DNS client will register PTR resource records.
By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
@@ -674,13 +674,13 @@ By default, DNS clients configured to perform dynamic DNS registration will atte
To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
-Don't register: Computers won't attempt to register PTR resource records.
+Don't register: the DNS client won't attempt to register PTR resource records.
-Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
+Register: the DNS client will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
-Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
+Register only if A record registration succeeds: the DNS client will attempt to register PTR resource records only if registration of the corresponding A records was successful.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use locally configured settings.
@@ -734,11 +734,11 @@ Register only if A record registration succeeds: Computers will attempt to regis
-Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
+Specifies if DNS dynamic update is enabled. DNS clients configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
-- If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled.
+- If you enable this policy setting, or you don't configure this policy setting, the DNS client will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled.
-- If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
+- If you disable this policy setting, the DNS client may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
@@ -795,7 +795,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
-This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
+This policy setting is designed for DNS clients that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other DNS clients.
During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
@@ -856,18 +856,18 @@ During dynamic update of resource records in a zone that doesn't use Secure Dyna
-Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
+Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies DNS clients performing dynamic DNS updates.
-Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+DNS clients configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
> [!WARNING]
> If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes.
-- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by DNS clients that receive this policy setting.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied setting. By default, DNS clients configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
@@ -921,13 +921,13 @@ To specify the registration refresh interval, click Enabled and then enter a val
-Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
+Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by the DNS client to which this policy setting is applied.
To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
-- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by the DNS client.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
@@ -985,7 +985,7 @@ Specifies the DNS suffixes to attach to an unqualified single-label name before
An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com".
-Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com".
+DNS clients that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com".
To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes.
@@ -1170,15 +1170,15 @@ Specifies the security level for dynamic DNS updates.
To use this policy setting, click Enabled and then select one of the following values:
-Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.
+Unsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused.
-Only unsecure - computers send only nonsecure dynamic updates.
+Only unsecure - the DNS client sends only nonsecure dynamic updates.
-Only secure - computers send only secure dynamic updates.
+Only secure - The DNS client sends only secure dynamic updates.
-- If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
+- If you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
-- If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+- If you disable this policy setting, or if you don't configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
@@ -1232,13 +1232,13 @@ Only secure - computers send only secure dynamic updates.
-Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com".
+Specifies if the DNS client may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com".
By default, a DNS client that's configured to perform dynamic DNS update will update the DNS zone that's authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
-- If you enable this policy setting, computers send dynamic updates to any zone that's authoritative for the resource records that the computer needs to update, except the root zone.
+- If you enable this policy setting, the DNS client sends dynamic updates to any zone that's authoritative for the resource records that the DNS client needs to update, except the root zone.
-- If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client doesn't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the DNS client needs to update.
@@ -1309,7 +1309,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
-If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
@@ -1370,11 +1370,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
-Specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
+Specifies that link local multicast name resolution (LLMNR) is disabled on the DNS client.
-LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a DNS client to another DNS client on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
-- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
+- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the DNS client.
- If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters.
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 03c6eabd47..1b08f87864 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -1,7 +1,7 @@
---
title: ADMX_FileSys Policy CSP
description: Learn more about the ADMX_FileSys Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -260,7 +260,7 @@ Encrypting the page file prevents malicious users from reading data that has bee
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and packaged Microsoft Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 124f07bbb0..2664598272 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,7 +1,7 @@
---
title: ADMX_MicrosoftDefenderAntivirus Policy CSP
description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -1523,11 +1523,13 @@ This policy setting defines the number of days items should be kept in the Quara
-This policy setting allows you to configure the scheduled scan, and the scheduled security intelligence update, start time window in hours.
+This policy setting allows you to configure the randomization of the scheduled scan start time and the scheduled definition update start time.
-- If you disable or don't configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler.
+- If you enable or don't configure this policy setting, and didn't set a randomization window in the Configure scheduled task time randomization window setting , then randomization will be added between 0-4 hours.
-- If you enable this setting, you can widen, or narrow, this randomization period. Specify a randomization window of between 1 and 23 hours.
+- If you enable or don't configure this policy setting, and set a randomization window in the Configure scheduled task time randomization window setting, the configured randomization window will be used.
+
+- If you disable this policy setting, but configured the scheduled task time randomization window, randomization won't be done.
@@ -3528,11 +3530,11 @@ This policy setting allows you to configure scanning mapped network drives.
-This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting.
+This policy setting allows the scanning of network files using on access protection. The default is enabled. Recommended to remain enabled in most cases.
-- If you enable this setting, network files will be scanned.
+- If you enable or don't configure this setting, network files will be scanned.
-- If you disable or don't configure this setting, network files won't be scanned.
+- If you disable this setting, network files won't be scanned.
@@ -3556,7 +3558,7 @@ This policy setting allows you to configure scanning for network files. It's rec
| Name | Value |
|:--|:--|
| Name | Scan_DisableScanningNetworkFiles |
-| Friendly Name | Scan network files |
+| Friendly Name | Configure scanning of network files |
| Location | Computer Configuration |
| Path | Windows Components > Microsoft Defender Antivirus > Scan |
| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
@@ -5436,12 +5438,7 @@ Valid remediation action values are:
-
-This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
-
-- If you enable this setting, the additional text specified will be displayed.
-
-- If you disable or don't configure this setting, there will be no additional text displayed.
+
@@ -5458,6 +5455,7 @@ This policy setting allows you to configure whether or not to display additional
+
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -5465,10 +5463,6 @@ This policy setting allows you to configure whether or not to display additional
| Name | Value |
|:--|:--|
| Name | UX_Configuration_CustomDefaultActionToastString |
-| Friendly Name | Display additional text to clients when they need to perform an action |
-| Location | Computer Configuration |
-| Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
-| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
| ADMX File Name | WindowsDefender.admx |
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 6603256c75..3cad268ba1 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,7 +1,7 @@
---
title: ADMX_Netlogon Policy CSP
description: Learn more about the ADMX_Netlogon Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -420,6 +420,8 @@ Note that this policy setting doesn't affect NetBIOS-based discovery for DC loca
- If you enable or don't configure this policy setting, the DC location algorithm doesn't use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior.
- If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails.
+
+This setting has no effect unless the BlockNetbiosDiscovery setting is disabled. NetBIOS-based discovery is considered unsecure, has many limitations, and will be deprecated in a future release. For these reasons, NetBIOS-based discovery isn't recommended. See for more information.
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index d610c2f9e8..3d3913d0a5 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,7 +1,7 @@
---
title: ADMX_Printing Policy CSP
description: Learn more about the ADMX_Printing Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -749,7 +749,7 @@ This preference allows you to change default printer management.
-Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2022.
+Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2025.
- If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps).
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index e43437afce..7c490ba91b 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,7 +1,7 @@
---
title: ADMX_StartMenu Policy CSP
description: Learn more about the ADMX_StartMenu Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -997,7 +997,7 @@ This policy setting allows you to prevent users from changing their Start screen
|:--|:--|
| Name | NoChangeStartMenu |
| Friendly Name | Prevent users from customizing their Start Screen |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
| Path | Start Menu and Taskbar |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| Registry Value Name | NoChangeStartMenu |
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 15a624d898..f2d2086000 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,7 +1,7 @@
---
title: ADMX_Taskbar Policy CSP
description: Learn more about the ADMX_Taskbar Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -69,7 +69,7 @@ A reboot is required for this policy setting to take effect.
|:--|:--|
| Name | DisableNotificationCenter |
| Friendly Name | Remove Notifications and Action Center |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
| Path | Start Menu and Taskbar |
| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
| Registry Value Name | DisableNotificationCenter |
@@ -748,11 +748,11 @@ This policy setting allows you to turn off automatic promotion of notification i
-This policy setting allows users to see Windows Store apps on the taskbar.
+This policy setting allows users to see packaged Microsoft Store apps on the taskbar.
-- If you enable this policy setting, users will see Windows Store apps on the taskbar.
+- If you enable this policy setting, users will see packaged Microsoft Store apps on the taskbar.
-- If you disable this policy setting, users won't see Windows Store apps on the taskbar.
+- If you disable this policy setting, users won't see packaged Microsoft Store apps on the taskbar.
- If you don't configure this policy setting, the default setting for the user's device will be used, and the user can choose to change it.
@@ -778,7 +778,7 @@ This policy setting allows users to see Windows Store apps on the taskbar.
| Name | Value |
|:--|:--|
| Name | ShowWindowsStoreAppsOnTaskbar |
-| Friendly Name | Show Windows Store apps on the taskbar |
+| Friendly Name | Show packaged Microsoft Store apps on the taskbar |
| Location | User Configuration |
| Path | Start Menu and Taskbar |
| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index c4f588506a..d6d10aed92 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,7 +1,7 @@
---
title: ADMX_TerminalServer Policy CSP
description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -3585,7 +3585,7 @@ This policy setting allows you to specify which protocols can be used for Remote
- If you enable this policy setting, you must specify if you would like RDP to use UDP.
-You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)".
+You can select one of the following options: "Use either UDP or TCP (default)" or "Use only TCP".
If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index 7095179c9c..bc47c28b99 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,7 +1,7 @@
---
title: ADMX_Thumbnails Policy CSP
description: Learn more about the ADMX_Thumbnails Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -95,11 +95,14 @@ File Explorer displays thumbnail images by default.
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
-File Explorer displays thumbnail images on network folders by default.
+File Explorer displays only icons and never displays thumbnail images on network folders by default.
-- If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+- If you disable this policy setting, File Explorer displays thumbnail images on network folders.
-- If you disable or don't configure this policy setting, File Explorer displays only thumbnail images on network folders.
+- If you enable or don't configure this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+
+> [!NOTE]
+> Allowing the use of thumbnail images from network folders can expose the users' computers to security risks.
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 44d542de9d..9100a4bbb3 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -1,7 +1,7 @@
---
title: ADMX_WindowsExplorer Policy CSP
description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -472,7 +472,15 @@ You can specify a known folder using its known folder id or using its canonical
-
+
+This policy setting determines the application of the Mark of the Web tag to files sourced from insecure locations.
+
+- If you enable this policy setting, files copied from unsecure sources won't be tagged with the Mark of the Web.
+
+- If you disable or don't configure this policy setting, files copied from unsecure sources will be tagged with the appropriate Mark of the Web.
+
+> [!NOTE]
+> Failure to tag files from unsecure sources with the Mark of the Web can expose users' computers to security risks.
@@ -489,7 +497,6 @@ You can specify a known folder using its known folder id or using its canonical
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -497,6 +504,11 @@ You can specify a known folder using its known folder id or using its canonical
| Name | Value |
|:--|:--|
| Name | DisableMotWOnInsecurePathCopy |
+| Friendly Name | Do not apply the Mark of the Web tag to files copied from insecure sources |
+| Location | Computer Configuration |
+| Path | WindowsComponents > File Explorer |
+| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
+| Registry Value Name | DisableMotWOnInsecurePathCopy |
| ADMX File Name | WindowsExplorer.admx |
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index bfddc2641c..b1b7b3fd75 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -1,7 +1,7 @@
---
title: ADMX_WPN Policy CSP
description: Learn more about the ADMX_WPN Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -254,7 +254,7 @@ No reboots or service restarts are required for this policy setting to take effe
|:--|:--|
| Name | NoToastNotification |
| Friendly Name | Turn off toast notifications |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
| Path | Start Menu and Taskbar > Notifications |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications |
| Registry Value Name | NoToastApplicationNotification |
diff --git a/windows/client-management/mdm/policy-csp-appdeviceinventory.md b/windows/client-management/mdm/policy-csp-appdeviceinventory.md
index 7e0fb8176b..aa8f597ae9 100644
--- a/windows/client-management/mdm/policy-csp-appdeviceinventory.md
+++ b/windows/client-management/mdm/policy-csp-appdeviceinventory.md
@@ -1,7 +1,7 @@
---
title: AppDeviceInventory Policy CSP
description: Learn more about the AppDeviceInventory Area in Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
---
@@ -33,7 +33,12 @@ ms.date: 08/07/2024
-
+
+This policy controls the state of API Sampling. API Sampling monitors the sampled collection of application programming interfaces used during system runtime to help diagnose compatibility problems.
+
+- If you enable this policy, API Sampling won't be run.
+
+- If you disable or don't configure this policy, API Sampling will be turned on.
@@ -50,7 +55,6 @@ ms.date: 08/07/2024
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -58,6 +62,11 @@ ms.date: 08/07/2024
| Name | Value |
|:--|:--|
| Name | TurnOffAPISamping |
+| Friendly Name | Turn off API Sampling |
+| Location | Computer Configuration |
+| Path | Windows Components > App and Device Inventory |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
+| Registry Value Name | DisableAPISamping |
| ADMX File Name | AppDeviceInventory.admx |
@@ -83,7 +92,12 @@ ms.date: 08/07/2024
-
+
+This policy controls the state of Application Footprint. Application Footprint monitors the sampled collection of registry and file usage to help diagnose compatibility problems.
+
+- If you enable this policy, Application Footprint won't be run.
+
+- If you disable or don't configure this policy, Application Footprint will be turned on.
@@ -100,7 +114,6 @@ ms.date: 08/07/2024
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -108,6 +121,11 @@ ms.date: 08/07/2024
| Name | Value |
|:--|:--|
| Name | TurnOffApplicationFootprint |
+| Friendly Name | Turn off Application Footprint |
+| Location | Computer Configuration |
+| Path | Windows Components > App and Device Inventory |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
+| Registry Value Name | DisableApplicationFootprint |
| ADMX File Name | AppDeviceInventory.admx |
@@ -133,7 +151,12 @@ ms.date: 08/07/2024
-
+
+This policy controls the state of Install Tracing. Install Tracing is a mechanism that tracks application installs to help diagnose compatibility problems.
+
+- If you enable this policy, Install Tracing won't be run.
+
+- If you disable or don't configure this policy, Install Tracing will be turned on.
@@ -150,7 +173,6 @@ ms.date: 08/07/2024
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -158,6 +180,11 @@ ms.date: 08/07/2024
| Name | Value |
|:--|:--|
| Name | TurnOffInstallTracing |
+| Friendly Name | Turn off Install Tracing |
+| Location | Computer Configuration |
+| Path | Windows Components > App and Device Inventory |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
+| Registry Value Name | DisableInstallTracing |
| ADMX File Name | AppDeviceInventory.admx |
@@ -167,6 +194,65 @@ ms.date: 08/07/2024
+
+## TurnOffWin32AppBackup
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffWin32AppBackup
+```
+
+
+
+
+This policy controls the state of the compatibility scan for backed up applications. The compatibility scan for backed up applications evaluates for compatibility problems in installed applications.
+
+- If you enable this policy, the compatibility scan for backed up applications won't be run.
+
+- If you disable or don't configure this policy, the compatibility scan for backed up applications will be run.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TurnOffWin32AppBackup |
+| Friendly Name | Turn off compatibility scan for backed up applications |
+| Location | Computer Configuration |
+| Path | Windows Components > App and Device Inventory |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
+| Registry Value Name | DisableWin32AppBackup |
+| ADMX File Name | AppDeviceInventory.admx |
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 7b1698c462..885f96e31a 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,7 +1,7 @@
---
title: ApplicationManagement Policy CSP
description: Learn more about the ApplicationManagement Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
---
@@ -30,11 +30,11 @@ ms.date: 04/10/2024
-This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
+This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed packaged Microsoft Store apps.
-- If you enable this policy setting, you can install any LOB or developer-signed Windows Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).
+- If you enable this policy setting, you can install any LOB or developer-signed packaged Microsoft Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).
-- If you disable or don't configure this policy setting, you can't install LOB or developer-signed Windows Store apps.
+- If you disable or don't configure this policy setting, you can't install LOB or developer-signed packaged Microsoft Store apps.
@@ -269,7 +269,7 @@ Allows or denies development of Microsoft Store applications and installing them
| Name | Value |
|:--|:--|
| Name | AllowDevelopmentWithoutDevLicense |
-| Friendly Name | Allows development of Windows Store apps and installing them from an integrated development environment (IDE) |
+| Friendly Name | Allows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE) |
| Location | Computer Configuration |
| Path | Windows Components > App Package Deployment |
| Registry Key Name | Software\Policies\Microsoft\Windows\Appx |
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index 20cddfc183..2b19c52a8c 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,7 +1,7 @@
---
title: AppRuntime Policy CSP
description: Learn more about the AppRuntime Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -32,9 +32,9 @@ ms.date: 01/18/2024
-This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.
+This policy setting lets you control whether Microsoft accounts are optional for packaged Microsoft Store apps that require an account to sign in. This policy only affects packaged Microsoft Store apps that support it.
-- If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
+- If you enable this policy setting, packaged Microsoft Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
- If you disable or don't configure this policy setting, users will need to sign in with a Microsoft account.
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 6e677aa3b7..220712712a 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,7 +1,7 @@
---
title: AppVirtualization Policy CSP
description: Learn more about the AppVirtualization Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -33,6 +33,9 @@ ms.date: 01/18/2024
This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
+
+> [!NOTE]
+> Application Virtualization (App-V) will reach end-of-life April 2026. After that time, the App-V client will be excluded from new versions of the Windows operating system. See aka.ms/AppVDeprecation for more information.
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 27aae04079..11bf016054 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,7 +1,7 @@
---
title: Cryptography Policy CSP
description: Learn more about the Cryptography Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/18/2024
# Policy CSP - Cryptography
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -79,7 +77,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -146,7 +144,7 @@ CertUtil.exe -DisplayEccCurve.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -196,7 +194,7 @@ System cryptography: Force strong key protection for user keys stored on the com
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -235,7 +233,7 @@ Override minimal enabled TLS version for client role. Last write wins.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -274,7 +272,7 @@ Override minimal enabled TLS version for server role. Last write wins.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -313,7 +311,7 @@ Override minimal enabled TLS version for client role. Last write wins.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index a790f24a26..2eef54311e 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,7 +1,7 @@
---
title: Defender Policy CSP
description: Learn more about the Defender Area in Policy CSP.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
---
@@ -745,7 +745,7 @@ This policy setting allows you to configure scheduled scans and on-demand (manua
| Name | Value |
|:--|:--|
| Name | Scan_DisableScanningNetworkFiles |
-| Friendly Name | Scan network files |
+| Friendly Name | Configure scanning of network files |
| Location | Computer Configuration |
| Path | Windows Components > Microsoft Defender Antivirus > Scan |
| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
index 2b3fea16a4..c1806d30f7 100644
--- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md
+++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
@@ -1,7 +1,7 @@
---
title: DesktopAppInstaller Policy CSP
description: Learn more about the DesktopAppInstaller Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -11,8 +11,6 @@ ms.date: 01/18/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -215,7 +213,14 @@ Users will still be able to execute the *winget* command. The default help will
-
+
+This policy controls whether the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate hash matches to a known Microsoft Store certificate when initiating a connection to the Microsoft Store Source.
+
+- If you enable this policy, the [Windows Package Manager](/windows/package-manager/) will bypass the Microsoft Store certificate validation.
+
+- If you disable this policy, the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate used is valid and belongs to the Microsoft Store before communicating with the Microsoft Store source.
+
+- If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to.
@@ -232,7 +237,6 @@ Users will still be able to execute the *winget* command. The default help will
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -240,6 +244,11 @@ Users will still be able to execute the *winget* command. The default help will
| Name | Value |
|:--|:--|
| Name | EnableBypassCertificatePinningForMicrosoftStore |
+| Friendly Name | Enable App Installer Microsoft Store Source Certificate Validation Bypass |
+| Location | Computer Configuration |
+| Path | Windows Components > Desktop App Installer |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
+| Registry Value Name | EnableBypassCertificatePinningForMicrosoftStore |
| ADMX File Name | DesktopAppInstaller.admx |
@@ -445,7 +454,14 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
-
+
+This policy controls the ability to override malware vulnerability scans when installing an archive file using a local manifest using the command line arguments.
+
+- If you enable this policy, users can override the malware scan when performing a local manifest install of an archive file.
+
+- If you disable this policy, users will be unable to override the malware scan of an archive file when installing using a local manifest.
+
+- If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to.
@@ -462,7 +478,6 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -470,6 +485,11 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
| Name | Value |
|:--|:--|
| Name | EnableLocalArchiveMalwareScanOverride |
+| Friendly Name | Enable App Installer Local Archive Malware Scan Override |
+| Location | Computer Configuration |
+| Path | Windows Components > Desktop App Installer |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
+| Registry Value Name | EnableLocalArchiveMalwareScanOverride |
| ADMX File Name | DesktopAppInstaller.admx |
@@ -618,9 +638,9 @@ This policy controls the Microsoft Store source included with the [Windows Packa
This policy controls whether users can install packages from a website that's using the ms-appinstaller protocol.
-- If you enable or don't configure this setting, users will be able to install packages from websites that use this protocol.
+- If you enable this setting, users will be able to install packages from websites that use this protocol.
-- If you disable this setting, users won't be able to install packages from websites that use this protocol.
+- If you disable or don't configure this setting, users won't be able to install packages from websites that use this protocol.
@@ -724,7 +744,7 @@ The settings are stored inside of a .json file on the user’s system. It may be
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -734,7 +754,14 @@ The settings are stored inside of a .json file on the user’s system. It may be
-
+
+This policy determines if a user can perform an action using the [Windows Package Manager](/windows/package-manager/) through a command line interface (WinGet CLI, or WinGet PowerShell).
+
+If you disable this policy, users won't be able execute the [Windows Package Manager](/windows/package-manager/) CLI, and PowerShell cmdlets.
+
+If you enable, or don't configuring this policy, users will be able to execute the [Windows Package Manager](/windows/package-manager/) CLI commands, and PowerShell cmdlets. (Provided "Enable App Installer" policy isn't disabled).
+
+This policy doesn't override the "Enable App Installer" policy.
@@ -751,7 +778,6 @@ The settings are stored inside of a .json file on the user’s system. It may be
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -759,6 +785,11 @@ The settings are stored inside of a .json file on the user’s system. It may be
| Name | Value |
|:--|:--|
| Name | EnableWindowsPackageManagerCommandLineInterfaces |
+| Friendly Name | Enable Windows Package Manager command line interfaces |
+| Location | Computer Configuration |
+| Path | Windows Components > Desktop App Installer |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
+| Registry Value Name | EnableWindowsPackageManagerCommandLineInterfaces |
| ADMX File Name | DesktopAppInstaller.admx |
@@ -774,7 +805,7 @@ The settings are stored inside of a .json file on the user’s system. It may be
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -784,7 +815,12 @@ The settings are stored inside of a .json file on the user’s system. It may be
-
+
+This policy controls whether the [Windows Package Manager](/windows/package-manager/) configuration feature can be used by users.
+
+- If you enable or don't configure this setting, users will be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature.
+
+- If you disable this setting, users won't be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature.
@@ -801,7 +837,6 @@ The settings are stored inside of a .json file on the user’s system. It may be
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -809,6 +844,11 @@ The settings are stored inside of a .json file on the user’s system. It may be
| Name | Value |
|:--|:--|
| Name | EnableWindowsPackageManagerConfiguration |
+| Friendly Name | Enable Windows Package Manager Configuration |
+| Location | Computer Configuration |
+| Path | Windows Components > Desktop App Installer |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
+| Registry Value Name | EnableWindowsPackageManagerConfiguration |
| ADMX File Name | DesktopAppInstaller.admx |
@@ -835,9 +875,9 @@ The settings are stored inside of a .json file on the user’s system. It may be
-This policy controls the auto update interval for package-based sources.
+This policy controls the auto-update interval for package-based sources. The default source for [Windows Package Manager](/windows/package-manager/) is configured such that an index of the packages is cached on the local machine. The index is downloaded when a user invokes a command, and the interval has passed.
-- If you disable or don't configure this setting, the default interval or the value specified in settings will be used by the [Windows Package Manager](/windows/package-manager/).
+- If you disable or don't configure this setting, the default interval or the value specified in the [Windows Package Manager](/windows/package-manager/) settings will be used.
- If you enable this setting, the number of minutes specified will be used by the [Windows Package Manager](/windows/package-manager/).
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 259d88a891..c294633d53 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,7 +1,7 @@
---
title: DeviceLock Policy CSP
description: Learn more about the DeviceLock Area in Policy CSP.
-ms.date: 08/05/2024
+ms.date: 09/27/2024
---
@@ -11,8 +11,6 @@ ms.date: 08/05/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
> [!IMPORTANT]
@@ -25,7 +23,7 @@ ms.date: 08/05/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -64,7 +62,7 @@ Account lockout threshold - This security setting determines the number of faile
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -329,7 +327,7 @@ Determines the type of PIN or password required. This policy only applies if the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -685,7 +683,7 @@ The number of authentication failures allowed before the device will be wiped. A
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1025,7 +1023,7 @@ This security setting determines the period of time (in days) that a password mu
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1078,7 +1076,7 @@ This security setting determines the least number of characters that a password
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1128,7 +1126,7 @@ This security setting determines the minimum password length for which password
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1188,7 +1186,7 @@ Complexity requirements are enforced when passwords are changed or created.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1360,7 +1358,7 @@ If you enable this setting, users will no longer be able to modify slide show se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index f0831810bd..d6932eb1ca 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,7 +1,7 @@
---
title: Experience Policy CSP
description: Learn more about the Experience Area in Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 08/07/2024
# Policy CSP - Experience
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -484,7 +482,7 @@ Allow screen capture.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -494,7 +492,7 @@ Allow screen capture.
-
+
This policy setting allows you to control whether screen recording functionality is available in the Windows Snipping Tool app.
- If you disable this policy setting, screen recording functionality won't be accessible in the Windows Snipping Tool app.
@@ -531,7 +529,12 @@ This policy setting allows you to control whether screen recording functionality
| Name | Value |
|:--|:--|
| Name | AllowScreenRecorder |
-| Path | Programs > AT > WindowsComponents > SnippingTool |
+| Friendly Name | Allow Screen Recorder |
+| Location | User Configuration |
+| Path | Windows Components > Snipping Tool |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\SnippingTool |
+| Registry Value Name | AllowScreenRecorder |
+| ADMX File Name | Programs.admx |
@@ -1681,7 +1684,7 @@ This policy setting lets you turn off cloud consumer account state content in al
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1887,7 +1890,7 @@ _**Turn syncing off by default but don’t disable**_
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4828] and later
✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later
✅ Windows Insider Preview |
+| ❌ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5041582](https://support.microsoft.com/help/5041582) [10.0.19045.4842] and later
✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index fb55df7a5d..73f6d2a6de 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,7 +1,7 @@
---
title: FileExplorer Policy CSP
description: Learn more about the FileExplorer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -138,7 +138,7 @@ When This PC location is restricted, give the user the option to enumerate and n
-Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc.
+Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, Details pane, etc.
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 3ef891ed68..1cf592ddff 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -1,7 +1,7 @@
---
title: HumanPresence Policy CSP
description: Learn more about the HumanPresence Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/18/2024
# Policy CSP - HumanPresence
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -21,7 +19,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -85,7 +83,7 @@ Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forc
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -149,7 +147,7 @@ Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -213,7 +211,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 5e218fe45c..bfcf5c6f27 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,7 +1,7 @@
---
title: InternetExplorer Policy CSP
description: Learn more about the InternetExplorer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -1005,7 +1005,12 @@ Note. It's recommended to configure template policy settings in one Group Policy
-
+
+This policy setting allows the use of some disabled functionality, such as WorkingDirectory field or pluggable protocol handling, in Internet Shortcut files.
+
+If you enable this policy, disabled functionality for Internet Shortcut files will be re-enabled.
+
+If you disable, or don't configure this policy, some functionality for Internet Shortcut files, such as WorkingDirectory field or pluggable protocol handling, will be disabled.
@@ -1022,7 +1027,6 @@ Note. It's recommended to configure template policy settings in one Group Policy
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -1030,6 +1034,11 @@ Note. It's recommended to configure template policy settings in one Group Policy
| Name | Value |
|:--|:--|
| Name | AllowLegacyURLFields |
+| Friendly Name | Allow legacy functionality for Internet Shortcut files |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Internet Explorer |
+| Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main |
+| Registry Value Name | AllowLegacyURLFields |
| ADMX File Name | inetres.admx |
@@ -7923,13 +7932,11 @@ This policy setting allows you to manage the opening of windows and frames and a
-This policy setting specifies whether JScript or JScript9Legacy is loaded for MSHTML/WebOC/MSXML/Cscript based invocations.
+This policy setting specifies whether JScript or JScript9Legacy is loaded.
-- If you enable this policy setting, JScript9Legacy will be loaded in situations where JScript is instantiated.
+- If you enable this policy setting or not configured, JScript9Legacy will be loaded in situations where JScript is instantiated.
- If you disable this policy, then JScript will be utilized.
-
-- If this policy is left unconfigured, then MSHTML will use JScript9Legacy and MSXML/Cscript will use JScript.
@@ -7953,7 +7960,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS
| Name | Value |
|:--|:--|
| Name | JScriptReplacement |
-| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. |
+| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript. |
| Location | Computer and User Configuration |
| Path | Windows Components > Internet Explorer |
| Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main |
@@ -13407,7 +13414,7 @@ If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode
If you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page.
-For more information, see
+For more information, see
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index b3e44fe44d..b80bf2d206 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,7 +1,7 @@
---
title: LanmanWorkstation Policy CSP
description: Learn more about the LanmanWorkstation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -36,6 +36,8 @@ This policy setting determines if the SMB client will allow insecure guest logon
- If you disable this policy setting, the SMB client will reject insecure guest logons.
+If you enable signing, the SMB client will reject insecure guest logons.
+
Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access".
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 8caa34c334..4333825aac 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
---
@@ -360,7 +360,7 @@ Accounts: Rename guest account This security setting determines whether a differ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -404,7 +404,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -445,7 +445,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -718,7 +718,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -771,7 +771,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -825,7 +825,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -878,7 +878,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -928,7 +928,7 @@ Domain member: Digitally sign secure channel data (when possible) This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -982,7 +982,7 @@ Domain member: Disable machine account password changes Determines whether a dom
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1035,7 +1035,7 @@ Domain member: Maximum machine account password age This security setting determ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1335,7 +1335,7 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1535,7 +1535,7 @@ Interactive logon: Message title for users attempting to log on This security se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1575,7 +1575,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1864,7 +1864,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2047,7 +2047,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2090,7 +2090,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2131,7 +2131,7 @@ Microsoft network server: Server SPN target name validation level This policy se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2312,7 +2312,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2360,7 +2360,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2412,7 +2412,7 @@ Network access: Let Everyone permissions apply to anonymous users This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2452,7 +2452,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2495,7 +2495,7 @@ Network access: Remotely accessible registry paths This security setting determi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2644,7 +2644,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2684,7 +2684,7 @@ Network access: Shares that can be accessed anonymously This security setting de
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2728,7 +2728,7 @@ Network access: Sharing and security model for local accounts This security sett
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2958,7 +2958,7 @@ Network security: Don't store LAN Manager hash value on next password change Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3083,7 +3083,7 @@ Network security LAN Manager authentication level This security setting determin
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3489,7 +3489,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3539,7 +3539,7 @@ Recovery console: Allow automatic administrative logon This security setting det
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3696,7 +3696,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3737,7 +3737,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3787,7 +3787,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md
index d4773d4c5d..d29d14edd8 100644
--- a/windows/client-management/mdm/policy-csp-lsa.md
+++ b/windows/client-management/mdm/policy-csp-lsa.md
@@ -1,7 +1,7 @@
---
title: LocalSecurityAuthority Policy CSP
description: Learn more about the LocalSecurityAuthority Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -93,7 +93,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A
This policy controls the configuration under which LSASS is run.
-- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for clean installed, HVCI capable, client SKUs that are domain or cloud domain joined devices. This configuration isn't UEFI locked. This can be overridden if the policy is configured.
+- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for all clean installed, HVCI capable, client SKUs. This configuration isn't UEFI locked. This can be overridden if the policy is configured.
- If you configure and set this policy setting to "Disabled", LSA won't run as a protected process.
@@ -135,7 +135,7 @@ This policy controls the configuration under which LSASS is run.
| Friendly Name | Configures LSASS to run as a protected process |
| Location | Computer Configuration |
| Path | System > Local Security Authority |
-| Registry Key Name | System\CurrentControlSet\Control\Lsa |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
| ADMX File Name | LocalSecurityAuthority.admx |
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index da47e000cd..75b88b507b 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,7 +1,7 @@
---
title: MSSecurityGuide Policy CSP
description: Learn more about the MSSecurityGuide Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
---
@@ -11,8 +11,6 @@ ms.date: 01/31/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -223,7 +221,7 @@ ms.date: 01/31/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 5864c486c1..a8158e010d 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,7 +1,7 @@
---
title: NetworkListManager Policy CSP
description: Learn more about the NetworkListManager Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 08/06/2024
# Policy CSP - NetworkListManager
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -21,7 +19,7 @@ ms.date: 08/06/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -70,7 +68,7 @@ This policy setting allows you to specify whether users can change the network i
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -119,7 +117,7 @@ This policy setting allows you to specify whether users can change the network l
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -262,7 +260,7 @@ This policy setting provides the string that names a network. If this setting is
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -311,7 +309,7 @@ This policy setting allows you to configure the Network Location for networks th
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -360,7 +358,7 @@ This policy setting allows you to configure the Network Location type for networ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 65d5cb42bc..8c03b26633 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,7 +1,7 @@
---
title: Notifications Policy CSP
description: Learn more about the Notifications Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/18/2024
# Policy CSP - Notifications
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -21,7 +19,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index fa423988bf..098733446d 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,7 +1,7 @@
---
title: Printers Policy CSP
description: Learn more about the Printers Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
---
@@ -369,7 +369,7 @@ Determines whether Redirection Guard is enabled for the print spooler.
You can enable this setting to configure the Redirection Guard policy being applied to spooler.
-- If you disable or don't configure this policy setting, Redirection Guard will default to being 'enabled'.
+- If you disable or don't configure this policy setting, Redirection Guard will default to being 'Enabled'.
- If you enable this setting you may select the following options:
@@ -435,7 +435,12 @@ The following are the supported values:
-
+
+This policy setting controls whether packet level privacy is enabled for RPC for incoming connections.
+
+By default packet level privacy is enabled for RPC for incoming connections.
+
+If you enable or don't configure this policy setting, packet level privacy is enabled for RPC for incoming connections.
@@ -452,7 +457,6 @@ The following are the supported values:
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -460,6 +464,11 @@ The following are the supported values:
| Name | Value |
|:--|:--|
| Name | ConfigureRpcAuthnLevelPrivacyEnabled |
+| Friendly Name | Configure RPC packet level privacy setting for incoming connections |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | System\CurrentControlSet\Control\Print |
+| Registry Value Name | RpcAuthnLevelPrivacyEnabled |
| ADMX File Name | Printing.admx |
@@ -685,7 +694,16 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
-
+
+Determines whether Windows protected print is enabled on this computer.
+
+By default, Windows protected print isn't enabled and there aren't any restrictions on the print drivers that can be installed or print functionality.
+
+- If you enable this setting, the computer will operate in Windows protected print mode which only allows printing to printers that support a subset of inbox Windows print drivers.
+
+- If you disable this setting or don't configure it, there aren't any restrictions on the print drivers that can be installed or print functionality.
+
+For more information, please see [insert link to web page with WPP info]
@@ -702,7 +720,6 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -710,6 +727,11 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
| Name | Value |
|:--|:--|
| Name | ConfigureWindowsProtectedPrint |
+| Friendly Name | Configure Windows protected print |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\WPP |
+| Registry Value Name | WindowsProtectedPrintGroupPolicyState |
| ADMX File Name | Printing.admx |
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 895ee8c286..35949bfb98 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,7 +1,7 @@
---
title: Privacy Policy CSP
description: Learn more about the Privacy Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
---
@@ -2398,207 +2398,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
-
-## LetAppsAccessGenerativeAI
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI
-```
-
-
-
-
-This policy setting specifies whether Windows apps can use generative AI features of Windows.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[0-2]` |
-| Default Value | 0 |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | LetAppsAccessGenerativeAI |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessGenerativeAI_Enum |
-
-
-
-
-
-
-
-
-
-## LetAppsAccessGenerativeAI_ForceAllowTheseApps
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceAllowTheseApps
-```
-
-
-
-
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `;`) |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | LetAppsAccessGenerativeAI |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessGenerativeAI_ForceAllowTheseApps_List |
-
-
-
-
-
-
-
-
-
-## LetAppsAccessGenerativeAI_ForceDenyTheseApps
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceDenyTheseApps
-```
-
-
-
-
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `;`) |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | LetAppsAccessGenerativeAI |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessGenerativeAI_ForceDenyTheseApps_List |
-
-
-
-
-
-
-
-
-
-## LetAppsAccessGenerativeAI_UserInControlOfTheseApps
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_UserInControlOfTheseApps
-```
-
-
-
-
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the generative AI setting for the listed apps. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `chr` (string) |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: `;`) |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | LetAppsAccessGenerativeAI |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessGenerativeAI_UserInControlOfTheseApps_List |
-
-
-
-
-
-
-
-
## LetAppsAccessGraphicsCaptureProgrammatic
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 68895bc0f7..70acc4ac5e 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -156,7 +156,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -166,7 +166,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
-
+
+This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity.
+
+This policy applies only when using legacy authentication to authenticate to the remote PC. Legacy authentication is limited to username and password, or certificates like smartcards. Legacy authentication doesn't leverage the Microsoft identity platform, such as Microsoft Entra ID. Legacy authentication includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.
+
+- If you enable this policy setting, Remote Desktop connections using legacy authentication will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and re-enter their credentials when prompted.
+
+- If you disable or don't configure this policy setting, Remote Desktop connections using legacy authentication will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.
@@ -183,7 +190,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -191,7 +197,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Name | Value |
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_POLICY |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Disconnect remote session on lock for legacy authentication |
+| Location | Computer Configuration |
+| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
+| Registry Value Name | fDisconnectOnLockLegacy |
+| ADMX File Name | TerminalServer.admx |
@@ -206,7 +217,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -216,7 +227,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
-
+
+This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity.
+
+This policy applies only when using an identity provider that uses the Microsoft identity platform, such as Microsoft Entra ID, to authenticate to the remote PC. This policy doesn't apply when using Legacy authentication which includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.
+
+- If you enable or don't configure this policy setting, Remote Desktop connections using the Microsoft identity platform will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and can use passwordless authentication if configured.
+
+- If you disable this policy setting, Remote Desktop connections using the Microsoft identity platform will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.
@@ -233,7 +251,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -241,7 +258,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Name | Value |
|:--|:--|
| Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Disconnect remote session on lock for Microsoft identity platform authentication |
+| Location | Computer Configuration |
+| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
+| Registry Value Name | fDisconnectOnLockMicrosoftIdentity |
+| ADMX File Name | TerminalServer.admx |
@@ -439,7 +461,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
✅ [10.0.25398.946] and later
✅ Windows 11, version 21H2 [10.0.22000.3014] and later
✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
✅ [10.0.25398.946] and later
✅ Windows 11, version 21H2 [10.0.22000.3014] and later
✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -453,7 +475,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
-
+
+This policy setting allows you to restrict clipboard data transfers from client to server.
+
+- If you enable this policy setting, you must choose from the following behaviors:
+
+- Disable clipboard transfers from client to server.
+
+- Allow plain text copying from client to server.
+
+- Allow plain text and images copying from client to server.
+
+- Allow plain text, images and Rich Text Format copying from client to server.
+
+- Allow plain text, images, Rich Text Format and HTML copying from client to server.
+
+- If you disable or don't configure this policy setting, users can copy arbitrary contents from client to server if clipboard redirection is enabled.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.
@@ -470,7 +510,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -478,7 +517,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
| Name | Value |
|:--|:--|
| Name | TS_CLIENT_CLIPBOARDRESTRICTION_CS |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Restrict clipboard transfer from client to server |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
+| ADMX File Name | TerminalServer.admx |
@@ -493,7 +536,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
✅ [10.0.25398.946] and later
✅ Windows 11, version 21H2 [10.0.22000.3014] and later
✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
✅ [10.0.25398.946] and later
✅ Windows 11, version 21H2 [10.0.22000.3014] and later
✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -507,7 +550,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
-
+
+This policy setting allows you to restrict clipboard data transfers from server to client.
+
+- If you enable this policy setting, you must choose from the following behaviors:
+
+- Disable clipboard transfers from server to client.
+
+- Allow plain text copying from server to client.
+
+- Allow plain text and images copying from server to client.
+
+- Allow plain text, images and Rich Text Format copying from server to client.
+
+- Allow plain text, images, Rich Text Format and HTML copying from server to client.
+
+- If you disable or don't configure this policy setting, users can copy arbitrary contents from server to client if clipboard redirection is enabled.
+
+> [!NOTE]
+> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.
@@ -524,7 +585,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
-
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
**ADMX mapping**:
@@ -532,7 +592,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
| Name | Value |
|:--|:--|
| Name | TS_CLIENT_CLIPBOARDRESTRICTION_SC |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Restrict clipboard transfer from server to client |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
+| ADMX File Name | TerminalServer.admx |
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 005ef18357..fc7b78d250 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,7 +1,7 @@
---
title: Search Policy CSP
description: Learn more about the Search Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 08/06/2024
# Policy CSP - Search
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -648,7 +646,7 @@ The most restrictive value is `0` to now allow automatic language detection.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -930,13 +928,13 @@ This policy setting configures whether or not locations on removable drives can
-This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
+This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
-- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
-- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.
-- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search, and if search highlights are shown in the search box and in search home.
+- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search.
diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md
index 39e032a8b4..e8025d4898 100644
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@@ -1,7 +1,7 @@
---
title: SettingsSync Policy CSP
description: Learn more about the SettingsSync Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -11,8 +11,6 @@ ms.date: 01/18/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -23,7 +21,7 @@ ms.date: 01/18/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -84,7 +82,7 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 6e99e05ccb..166eacb4b4 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,7 +1,7 @@
---
title: SmartScreen Policy CSP
description: Learn more about the SmartScreen Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
---
@@ -29,20 +29,11 @@ ms.date: 01/31/2024
-
-App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly.
+
+Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
-- If you enable this setting, you must choose from the following behaviors:
-
-- Turn off app recommendations.
-
-- Show me app recommendations.
-
-- Warn me before installing apps from outside the Store.
-
-- Allow apps from Store only.
-
-- If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet.
+> [!NOTE]
+> This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled. This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
@@ -110,23 +101,8 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot
-
-This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
-
-Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
-
-- If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
-
-- Warn and prevent bypass
-- Warn.
-
-- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
-
-- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
-
-- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
-
-- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
+
+Allows IT Admins to configure SmartScreen for Windows.
@@ -188,23 +164,8 @@ Some information is sent to Microsoft about files and programs run on PCs with t
-
-This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
-
-Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
-
-- If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
-
-- Warn and prevent bypass
-- Warn.
-
-- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
-
-- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
-
-- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
-
-- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
+
+Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
diff --git a/windows/client-management/mdm/policy-csp-speakforme.md b/windows/client-management/mdm/policy-csp-speakforme.md
new file mode 100644
index 0000000000..b1be7a5fa4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-speakforme.md
@@ -0,0 +1,79 @@
+---
+title: SpeakForMe Policy CSP
+description: Learn more about the SpeakForMe Area in Policy CSP.
+ms.date: 09/27/2024
+---
+
+
+
+
+# Policy CSP - SpeakForMe
+
+
+
+
+
+
+## EnableSpeakForMe
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/SpeakForMe/EnableSpeakForMe
+```
+
+
+
+
+This policy setting controls whether to allow the creation of personal voices with SpeakForMe Accessibility Windows Application.
+
+- If you enable this policy setting, then user can create their personal voice models.
+
+- If you disable this policy setting, then user can't create their personal voice models with SpeakForMe.
+
+- If you don't configure this policy setting (default), then users can launch the training flow and create their personal voice model through SpeakForMe.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Not allowed. |
+| 1 (Default) | Allowed. |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md
index 09a4e3c938..dbcd21af22 100644
--- a/windows/client-management/mdm/policy-csp-sudo.md
+++ b/windows/client-management/mdm/policy-csp-sudo.md
@@ -1,7 +1,7 @@
---
title: Sudo Policy CSP
description: Learn more about the Sudo Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 04/10/2024
# Policy CSP - Sudo
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -21,7 +19,7 @@ ms.date: 04/10/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE
❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -31,7 +29,20 @@ ms.date: 04/10/2024
-
+
+This policy setting controls use of the sudo.exe command line tool.
+
+- If you enable this policy setting, then you may set a maximum allowed mode to run sudo in. This restricts the ways in which users may interact with command-line applications run with sudo. You may pick one of the following modes to allow sudo to run in:
+
+"Disabled": sudo is entirely disabled on this machine. When the user tries to run sudo, sudo will print an error message and exit.
+
+"Force new window": When sudo launches a command line application, it will launch that app in a new console window.
+
+"Disable input": When sudo launches a command line application, it will launch the app in the current console window, but the user won't be able to type input to the command line app. The user may also choose to run sudo in "Force new window" mode.
+
+"Normal": When sudo launches a command line application, it will launch the app in the current console window. The user may also choose to run sudo in "Force new window" or "Disable input" mode.
+
+- If you disable this policy or don't configure it, the user will be able to run sudo.exe normally (after enabling the setting in the Settings app).
@@ -65,7 +76,11 @@ ms.date: 04/10/2024
| Name | Value |
|:--|:--|
| Name | EnableSudo |
-| Path | Sudo > AT > System |
+| Friendly Name | Configure the behavior of the sudo command |
+| Location | Computer Configuration |
+| Path | System |
+| Registry Key Name | Software\Policies\Microsoft\Windows\Sudo |
+| ADMX File Name | Sudo.admx |
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 57739476b7..1f4fbbaa1e 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,7 +1,7 @@
---
title: System Policy CSP
description: Learn more about the System Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -11,8 +11,6 @@ ms.date: 08/06/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -431,7 +429,7 @@ This policy setting determines whether Windows is allowed to download fonts and
- If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text.
-- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts.
+- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts.
- If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
@@ -569,7 +567,7 @@ Specifies whether to allow app access to the Location service. Most restricted v
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See for more information.
-When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
@@ -888,7 +886,7 @@ To enable this behavior:
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
-If you disable or don't configure this policy setting, devices enrolled to Windows Autopatch won't be able to take advantage of some deployment service features.
+If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
@@ -1471,7 +1469,7 @@ This policy setting lets you prevent apps and features from working with files o
* Users can't access OneDrive from the OneDrive app and file picker.
-* Windows Store apps can't access OneDrive using the WinRT API.
+* Packaged Microsoft Store apps can't access OneDrive using the WinRT API.
* OneDrive doesn't appear in the navigation pane in File Explorer.
@@ -1739,7 +1737,7 @@ This policy setting controls whether Windows records attempts to connect with th
-Diagnostic files created when feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
+Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
@@ -1761,8 +1759,8 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw
| Value | Description |
|:--|:--|
-| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. |
-| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. |
+| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. |
+| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. |
@@ -1777,7 +1775,7 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 2d9c9595f5..10d548c65f 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,7 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 04/10/2024
# Policy CSP - SystemServices
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -21,7 +19,7 @@ ms.date: 04/10/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -171,7 +169,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -221,7 +219,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -271,7 +269,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -321,7 +319,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -371,7 +369,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -421,7 +419,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -471,7 +469,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -521,7 +519,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -571,7 +569,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -621,7 +619,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -671,7 +669,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -721,7 +719,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -771,7 +769,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -821,7 +819,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -871,7 +869,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index 484f4c88ad..536b1b741f 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -1,7 +1,7 @@
---
title: TenantRestrictions Policy CSP
description: Learn more about the TenantRestrictions Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
---
@@ -41,9 +41,9 @@ When you enable this setting, compliant applications will be prevented from acce
-Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.
+Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.
-For details about setting up WDAC with tenant restrictions, see
+For details about setting up App Control with tenant restrictions, see
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 9ecb6a207c..a77f87712f 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,7 +1,7 @@
---
title: Update Policy CSP
description: Learn more about the Update Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
---
@@ -9,18 +9,12 @@ ms.date: 09/11/2024
# Policy CSP - Update
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
Update CSP policies are listed below based on the group policy area:
-- [Windows Insider Preview](#windows-insider-preview)
- - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes)
- - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
- - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
- [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate)
- [AllowOptionalContent](#allowoptionalcontent)
@@ -61,7 +55,8 @@ Update CSP policies are listed below based on the group policy area:
- [ConfigureDeadlineForQualityUpdates](#configuredeadlineforqualityupdates)
- [ConfigureDeadlineGracePeriod](#configuredeadlinegraceperiod)
- [ConfigureDeadlineGracePeriodForFeatureUpdates](#configuredeadlinegraceperiodforfeatureupdates)
- - [ConfigureDeadlineNoAutoReboot](#configuredeadlinenoautoreboot)
+ - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
+ - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [ConfigureFeatureUpdateUninstallPeriod](#configurefeatureupdateuninstallperiod)
- [NoUpdateNotificationsDuringActiveHours](#noupdatenotificationsduringactivehours)
- [ScheduledInstallDay](#scheduledinstallday)
@@ -76,6 +71,7 @@ Update CSP policies are listed below based on the group policy area:
- [SetEDURestart](#setedurestart)
- [UpdateNotificationLevel](#updatenotificationlevel)
- [Legacy Policies](#legacy-policies)
+ - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes)
- [AutoRestartDeadlinePeriodInDays](#autorestartdeadlineperiodindays)
- [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#autorestartdeadlineperiodindaysforfeatureupdates)
- [AutoRestartNotificationSchedule](#autorestartnotificationschedule)
@@ -99,188 +95,6 @@ Update CSP policies are listed below based on the group policy area:
- [ScheduleRestartWarning](#schedulerestartwarning)
- [SetAutoRestartNotificationDisable](#setautorestartnotificationdisable)
-## Windows Insider Preview
-
-
-### AlwaysAutoRebootAtScheduledTimeMinutes
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes
-```
-
-
-
-
-
-- If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.
-
-The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.
-
-- If you disable or don't configure this policy, Windows Update won't alter its restart behavior.
-
-If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | Range: `[15-180]` |
-| Default Value | 15 |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | AlwaysAutoRebootAtScheduledTime |
-| Friendly Name | Always automatically restart at the scheduled time |
-| Element Name | work (minutes) |
-| Location | Computer Configuration |
-| Path | Windows Components > Windows Update > Manage end user experience |
-| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
-| ADMX File Name | WindowsUpdate.admx |
-
-
-
-
-
-
-
-
-
-### ConfigureDeadlineNoAutoRebootForFeatureUpdates
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates
-```
-
-
-
-
-When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value | 0 |
-
-
-
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 (Default) | Disabled. |
-| 1 | Enabled. |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates |
-| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
-| Element Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates |
-
-
-
-
-
-
-
-
-
-### ConfigureDeadlineNoAutoRebootForQualityUpdates
-
-
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
-
-
-```Device
-./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates
-```
-
-
-
-
-When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured.
-
-
-
-
-
-
-
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | `int` |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value | 0 |
-
-
-
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 (Default) | Disabled. |
-| 1 | Enabled. |
-
-
-
-**Group policy mapping**:
-
-| Name | Value |
-|:--|:--|
-| Name | ConfigureDeadlineNoAutoRebootForQualityUpdates |
-| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
-| Element Name | ConfigureDeadlineNoAutoRebootForQualityUpdates |
-
-
-
-
-
-
-
-
## Manage updates offered from Windows Update
@@ -2518,8 +2332,8 @@ Number of days before feature updates are installed on devices automatically reg
| Name | Value |
|:--|:--|
-| Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Name | ComplianceDeadlineForFU |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
| Element Name | Deadline (days) |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
@@ -2578,7 +2392,7 @@ Number of days before quality updates are installed on devices automatically reg
| Name | Value |
|:--|:--|
| Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for quality update |
| Element Name | Deadline (days) |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
@@ -2633,7 +2447,7 @@ Minimum number of days from update installation until restarts occur automatical
| Name | Value |
|:--|:--|
| Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for quality update |
| Element Name | Grace period (days) |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
@@ -2687,8 +2501,8 @@ Minimum number of days from update installation until restarts occur automatical
| Name | Value |
|:--|:--|
-| Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Name | ComplianceDeadlineForFU |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
| Element Name | Grace Period (days) |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
@@ -2702,31 +2516,47 @@ Minimum number of days from update installation until restarts occur automatical
-
-### ConfigureDeadlineNoAutoReboot
+
+### ConfigureDeadlineNoAutoRebootForFeatureUpdates
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
-
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoReboot
+./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates
```
-
+
-
-
-When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured.
-
+
+
+This policy lets you specify the number of days before feature updates are installed on devices automatically, and a grace period after which required restarts occur automatically.
-
+Set deadlines for feature updates and quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.
+
+Set a grace period for feature updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.
+
+You can set the device to delay restarting until both the deadline and grace period have expired.
+
+If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule.
+
+This policy will override the following policies:
+
+1. Specify deadline before auto restart for update installation
+1. Specify Engaged restart transition and notification schedule for updates.
+
+1. Always automatically restart at the scheduled time
+1. Configure Automatic Updates.
+
+
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
@@ -2734,36 +2564,115 @@ When enabled, devices won't automatically restart outside of active hours until
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
-
+
-
+
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Disabled. |
| 1 | Enabled. |
-
+
-
+
**Group policy mapping**:
| Name | Value |
|:--|:--|
-| Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Name | ComplianceDeadlineForFU |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
| Element Name | Don't auto-restart until end of grace period. |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
| ADMX File Name | WindowsUpdate.admx |
-
+
-
+
-
+
-
+
+
+
+### ConfigureDeadlineNoAutoRebootForQualityUpdates
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates
+```
+
+
+
+
+This policy lets you specify the number of days before quality updates are installed on devices automatically, and a grace period after which required restarts occur automatically.
+
+Set deadlines for quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.
+
+Set a grace period for quality updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.
+
+You can set the device to delay restarting until both the deadline and grace period have expired.
+
+If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule.
+
+This policy will override the following policies:
+
+1. Specify deadline before auto restart for update installation
+1. Specify Engaged restart transition and notification schedule for updates.
+
+1. Always automatically restart at the scheduled time
+1. Configure Automatic Updates.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ComplianceDeadline |
+| Friendly Name | Specify deadline for automatic updates and restarts for quality update |
+| Element Name | Don't auto-restart until end of grace period. |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Update > Manage end user experience |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
+| ADMX File Name | WindowsUpdate.admx |
+
+
+
+
+
+
+
### ConfigureFeatureUpdateUninstallPeriod
@@ -3647,6 +3556,68 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
## Legacy Policies
+
+### AlwaysAutoRebootAtScheduledTimeMinutes
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes
+```
+
+
+
+
+
+- If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.
+
+The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.
+
+- If you disable or don't configure this policy, Windows Update won't alter its restart behavior.
+
+If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[15-180]` |
+| Default Value | 15 |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AlwaysAutoRebootAtScheduledTime |
+| Friendly Name | Always automatically restart at the scheduled time |
+| Element Name | work (minutes) |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Update > Legacy Policies |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
+| ADMX File Name | WindowsUpdate.admx |
+
+
+
+
+
+
+
+
### AutoRestartDeadlinePeriodInDays
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index dc226ea336..68db80419e 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,7 +1,7 @@
---
title: UserRights Policy CSP
description: Learn more about the UserRights Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/18/2024
# Policy CSP - UserRights
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as Security Identifiers (SID) or strings. For more information, see [Well-known SID structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
@@ -258,7 +256,7 @@ This user right allows a process to impersonate any user without authentication.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -359,7 +357,7 @@ This user right determines which users can log on to the computer.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -460,7 +458,7 @@ This user right determines which users can bypass file, directory, registry, and
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -567,7 +565,7 @@ This user right determines which users and groups can change the time and date o
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1027,7 +1025,7 @@ This security setting determines which service accounts are prevented from regis
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1076,7 +1074,7 @@ This security setting determines which accounts are prevented from being able to
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1336,7 +1334,7 @@ Assigning this user right to a user allows programs running on behalf of that us
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1543,7 +1541,7 @@ This user right determines which accounts can use a process to keep data in phys
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1592,7 +1590,7 @@ This security setting allows a user to be logged-on by means of a batch-queue fa
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1889,7 +1887,7 @@ This user right determines which users can use performance monitoring tools to m
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1987,7 +1985,7 @@ This user right determines which users are allowed to shut down a computer from
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2088,7 +2086,7 @@ This user right determines which users can bypass file, directory, registry, and
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index 0b01461d1e..96d9296b8a 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -1,7 +1,7 @@
---
title: WebThreatDefense Policy CSP
description: Learn more about the WebThreatDefense Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/31/2024
# Policy CSP - WebThreatDefense
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
> [!NOTE]
@@ -23,7 +21,7 @@ ms.date: 01/31/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 1d1a1691af..642e2df000 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
---
@@ -21,7 +21,7 @@ ms.date: 09/11/2024
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -31,14 +31,12 @@ ms.date: 09/11/2024
-
-This policy setting allows you to determine whether end users have the option to allow snapshots to be saved on their PCs.
+
+This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device.
-- If disabled, end users will have a choice to save snapshots of their screen on their PC and then use Recall to find things they've seen.
+- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall.
-- If the policy is enabled, end users won't be able to save snapshots on their PC.
-
-- If the policy isn't configured, end users may or may not be able to save snapshots on their PC-depending on other policy configurations.
+- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall.
@@ -70,7 +68,12 @@ This policy setting allows you to determine whether end users have the option to
| Name | Value |
|:--|:--|
| Name | DisableAIDataAnalysis |
-| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+| Friendly Name | Turn off Saving Snapshots for Windows |
+| Location | User Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | DisableAIDataAnalysis |
+| ADMX File Name | WindowsCopilot.admx |
@@ -203,6 +206,58 @@ This policy setting allows you to control whether Image Creator functionality is
+
+## SetCopilotHardwareKey
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetCopilotHardwareKey
+```
+
+
+
+
+This policy setting determines which app opens when the user presses the Copilot key on their keyboard.
+
+- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings.
+
+- If the policy isn't configured, Copilot will open if it's available in that country or region.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetCopilotHardwareKey |
+| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot |
+
+
+
+
+
+
+
+
## TurnOffWindowsCopilot
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index d9c4d40da1..c7a7fe256c 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,7 +1,7 @@
---
title: WindowsLogon Policy CSP
description: Learn more about the WindowsLogon Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
---
@@ -380,11 +380,11 @@ This policy setting allows you to control whether users see the first sign-in an
-This policy controls the configuration under which winlogon sends MPR notifications in the system.
+This policy controls whether the user's password is included in the content of MPR notifications sent by winlogon in the system.
-- If you enable this setting or don't configure it, winlogon sends MPR notifications if a credential manager is configured.
+- If you disable this setting or don't configure it, winlogon sends MPR notifications with empty password fields of the user's authentication info.
-- If you disable this setting, winlogon doesn't send MPR notifications.
+- If you enable this setting, winlogon sends MPR notifications containing the user's password in the authentication info.
@@ -415,7 +415,7 @@ This policy controls the configuration under which winlogon sends MPR notificati
| Name | Value |
|:--|:--|
| Name | EnableMPRNotifications |
-| Friendly Name | Enable MPR notifications for the system |
+| Friendly Name | Configure the transmission of the user's password in the content of MPR notifications sent by winlogon. |
| Location | Computer Configuration |
| Path | Windows Components > Windows Logon Options |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index ffa94e847a..a22172669f 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -1,7 +1,7 @@
---
title: WindowsSandbox Policy CSP
description: Learn more about the WindowsSandbox Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
---
@@ -9,8 +9,6 @@ ms.date: 01/18/2024
# Policy CSP - WindowsSandbox
-[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
-
@@ -149,7 +147,7 @@ This policy setting enables or disables clipboard sharing with the sandbox.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -159,8 +157,18 @@ This policy setting enables or disables clipboard sharing with the sandbox.
-
-Allow mapping folders into Windows Sandbox.
+
+This policy setting enables or disables mapping folders into sandbox.
+
+- If you enable this policy setting, mapping folders from the host into Sandbox will be permitted.
+
+- If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files.
+
+- If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted.
+
+- If you don't configure this policy setting, mapped folders will be enabled.
+
+Note that there may be security implications of exposing folders from the host into the container.
@@ -184,7 +192,12 @@ Allow mapping folders into Windows Sandbox.
| Name | Value |
|:--|:--|
| Name | AllowMappedFolders |
-| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+| Friendly Name | Allow mapping folders into Windows Sandbox |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Sandbox |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox |
+| Registry Value Name | AllowMappedFolders |
+| ADMX File Name | WindowsSandbox.admx |
@@ -457,7 +470,7 @@ Note that there may be security implications of exposing host video input to the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -467,8 +480,18 @@ Note that there may be security implications of exposing host video input to the
-
-Allow Sandbox to write to mapped folders.
+
+This policy setting enables or disables mapping folders into sandbox.
+
+- If you enable this policy setting, mapping folders from the host into Sandbox will be permitted.
+
+- If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files.
+
+- If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted.
+
+- If you don't configure this policy setting, mapped folders will be enabled.
+
+Note that there may be security implications of exposing folders from the host into the container.
@@ -492,8 +515,13 @@ Allow Sandbox to write to mapped folders.
| Name | Value |
|:--|:--|
-| Name | AllowWriteToMappedFolders |
-| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+| Name | AllowMappedFolders |
+| Friendly Name | Allow mapping folders into Windows Sandbox |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Sandbox |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox |
+| Registry Value Name | AllowMappedFolders |
+| ADMX File Name | WindowsSandbox.admx |
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index eba37a1745..3011ad91da 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -48,12 +48,12 @@ items:
- name: Protocol
expanded: true
items:
- - name: Overview
- href: ../declared-configuration.md
- - name: Discovery
- href: ../declared-configuration-discovery.md
- - name: Enrollment
- href: ../declared-configuration-enrollment.md
+ - name: Overview
+ href: ../declared-configuration.md
+ - name: Discovery
+ href: ../declared-configuration-discovery.md
+ - name: Enrollment
+ href: ../declared-configuration-enrollment.md
- name: Extensibility
href: ../declared-configuration-extensibility.md
- name: Resource access
@@ -387,7 +387,7 @@ items:
href: policy-csp-authentication.md
- name: Autoplay
href: policy-csp-autoplay.md
- - name: BitLocker
+ - name: Bitlocker
href: policy-csp-bitlocker.md
- name: BITS
href: policy-csp-bits.md
@@ -537,6 +537,8 @@ items:
href: policy-csp-settingssync.md
- name: SmartScreen
href: policy-csp-smartscreen.md
+ - name: SpeakForMe
+ href: policy-csp-speakforme.md
- name: Speech
href: policy-csp-speech.md
- name: Start
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 2fc576e11b..a20075e2cf 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -15,7 +15,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 08/27/2024
+ ms.date: 10/01/2024
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | training | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -31,7 +31,7 @@ highlightedContent:
- title: Windows 11, version 24H2 group policy settings reference
itemType: download
- url: https://www.microsoft.com/download/details.aspx?id=105668
+ url: https://www.microsoft.com/download/details.aspx?id=106255
- title: Windows administrative tools
itemType: concept
@@ -73,7 +73,7 @@ conceptualContent:
- title: Privacy in Windows
links:
- - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+ - url: /windows/privacy/required-diagnostic-events-fields-windows-11-24h2
itemType: reference
text: Windows 11 required diagnostic data
- url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index 92ce858c06..da212c5802 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -7,7 +7,7 @@ ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
-ms.date: 04/24/2024
+ms.date: 10/01/2024
ms.topic: reference
ms.collection: privacy-windows
---
@@ -27,6 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
@@ -903,7 +904,7 @@ The following fields are available:
- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden?
+- **DriverBlockOverridden** Is there a driver block on the device that has been overridden?
- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
@@ -949,7 +950,6 @@ The following fields are available:
- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade?
- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
-
### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date.
@@ -1763,7 +1763,6 @@ The following fields are available:
The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows.
-
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
@@ -2186,7 +2185,7 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
-- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@@ -2626,7 +2625,7 @@ Fires when the compatibility check completes. Gives the results from the check.
The following fields are available:
- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
-- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement).
+- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement).
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
@@ -4759,6 +4758,7 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+
### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly.
@@ -5375,7 +5375,7 @@ This Ping event sends a detailed inventory of software and hardware information
The following fields are available:
- **appAp** Any additional parameters for the specified application. Default: ''.
-- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
+- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined.
- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev).
- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
@@ -5383,11 +5383,11 @@ The following fields are available:
- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'.
+- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
-- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
@@ -5398,8 +5398,8 @@ The following fields are available:
- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
-- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
+- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'.
+- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute.
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
@@ -5409,9 +5409,9 @@ The following fields are available:
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
-- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **appVersion** The version of the product install. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **eventType** A string indicating the type of the event. Please see the wiki for additional information.
+- **eventType** A string indicating the type of the event.
- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'.
- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
@@ -9069,7 +9069,7 @@ The following fields are available:
### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours
-This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date.
+This event indicates that update activity was blocked because it's within the active hours window. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
@@ -10231,7 +10231,4 @@ The following fields are available:
- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application.
-- **UserId** The XUID (Xbox User ID) of the current user.
-
-
-
+- **UserId** The XUID (Xbox User ID) of the current user.
\ No newline at end of file
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index f06366e02f..3f854c689e 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -39,7 +39,7 @@ productDirectory:
- title: Windows 11 required diagnostic data
imageSrc: /media/common/i_extend.svg
summary: Learn more about basic Windows diagnostic data events and fields collected.
- url: required-diagnostic-events-fields-windows-11-22H2.md
+ url: required-diagnostic-events-fields-windows-11-24H2.md
- title: Windows 10 required diagnostic data
imageSrc: /media/common/i_build.svg
summary: See what changes Windows is making to align to the new data collection taxonomy
diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
index 97d13f6d72..446a29e39a 100644
--- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
@@ -8,7 +8,7 @@ ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
-ms.date: 02/29/2024
+ms.date: 10/01/2024
ms.topic: reference
ms.collection: privacy-windows
---
@@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
@@ -128,6 +129,7 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser binary generating the events.
+
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
@@ -780,6 +782,7 @@ The following fields are available:
- **AppraiserVersion** Appraiser version.
+
### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
@@ -1309,7 +1312,6 @@ The following fields are available:
- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
- **xid** A list of base10-encoded XBOX User IDs.
-
## Common data fields
### Ms.Device.DeviceInventoryChange
@@ -1725,7 +1727,7 @@ The following fields are available:
### Microsoft.Windows.HangReporting.AppHangEvent
-This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and won't produce AppHang events.
The following fields are available:
@@ -1751,31 +1753,6 @@ The following fields are available:
## Holographic events
-### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
-
-This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **SessionID** Unique value for each attempt.
-- **TargetAsId** The sequence number for the process.
-- **windowInstanceId** Unique value for each window instance.
-
-
-### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
-
-This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
-
-The following fields are available:
-
-- **EventHistory** Unique number of event history.
-- **ExternalComponentState** State of external component.
-- **LastEvent** Unique number of last event.
-- **SessionID** Unique value for each attempt.
-- **TargetAsId** The sequence number for the process.
-- **windowInstanceId** Unique value for each window instance.
-
-
### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated
This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly.
@@ -2247,6 +2224,22 @@ The following fields are available:
- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
+### Microsoft.Edge.Crashpad.HangEvent
+
+This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
+
+The following fields are available:
+
+- **app_name** The name of the hanging process.
+- **app_session_guid** Encodes the boot session, process, and process start time.
+- **app_version** The version of the hanging process.
+- **client_id_hash** Hash of the browser client id to help identify the installation.
+- **etag** Identifier to help identify running browser experiments.
+- **hang_source** Identifies how the hang was detected.
+- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
+- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
+
+
## OneSettings events
### Microsoft.Windows.OneSettingsClient.Status
@@ -2273,105 +2266,29 @@ The following fields are available:
## Other events
-### Microsoft.Edge.Crashpad.HangEvent
+### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
-This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang.
+This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
-- **app_name** The name of the hanging process.
-- **app_session_guid** Encodes the boot session, process, and process start time.
-- **app_version** The version of the hanging process.
-- **client_id_hash** Hash of the browser client id to help identify the installation.
-- **etag** Identifier to help identify running browser experiments.
-- **hang_source** Identifies how the hang was detected.
-- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc.
-- **stack_hash** A hash of the hanging stack. Currently not used or set to zero.
+- **SessionID** Unique value for each attempt.
+- **TargetAsId** The sequence number for the process.
+- **windowInstanceId** Unique value for each window instance.
-### Microsoft.Gaming.Critical.Error
+### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
-Common error event used by the Gaming Telemetry Library to provide centralized monitoring for critical errors logged by callers using the library.
+This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
-- **callStack** List of active subroutines running during error occurrence.
-- **componentName** Friendly name meant to represent what feature area this error should be attributed to. Used for aggregations and pivots of data.
-- **customAttributes** List of custom attributes.
-- **errorCode** Error code.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **featureName** Friendly name meant to represent which feature this should be attributed to.
-- **identifier** Error identifier.
-- **message** Error message.
-- **properties** List of properties attributed to the error.
-
-### Microsoft.Gaming.Critical.ProviderRegistered
-
-Indicates that a telemetry provider has been registered with the Gaming Telemetry Library.
-
-The following fields are available:
-
-- **providerNamespace** The telemetry Namespace for the registered provider.
-
-### Microsoft.Gaming.OOBE.HDDBackup
-
-This event describes whether an External HDD back up has been found.
-
-The following fields are available:
-
-- **backupVersion** version number of backup.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **hasConsoleSettings** Indicates whether the console settings stored.
-- **hasUserSettings** Indicates whether the user settings stored.
-- **hasWirelessProfile** Indicates whether the wireless profile stored.
-- **hddBackupFound** Indicates whether hdd backup is found.
-- **osVersion** Operating system version.
-
-### Microsoft.Gaming.OOBE.OobeComplete
-
-This event is triggered when OOBE activation is complete.
-
-The following fields are available:
-
-- **allowAutoUpdate** Allows auto update.
-- **allowAutoUpdateApps** Allows auto update for apps.
-- **appliedTransferToken** Applied transfer token.
-- **connectionType** Connection type.
-- **curSessionId** Current session id.
-- **extendedData** JSON blob representing additional, provider-level properties common to the component.
-- **instantOn** Instant on.
-- **moobeAcceptedState** Moobe accepted state.
-- **phaseOneElapsedTimeMs** Total elapsed time in milliseconds for phase 1.
-- **phaseOneVersion** Version of phase 1.
-- **phaseTwoElapsedTimeMs** Total elapsed time in milliseconds for phase 2.
-- **phaseTwoVersion** Version of phase 2.
-- **systemUpdateRequired** Indicates whether a system update required.
-- **totalElapsedTimeMs** Total elapsed time in milliseconds of all phases.
-- **usedCloudBackup** Indicates whether cloud backup is used.
-- **usedHDDBackup** Indicates whether HDD backup is used.
-- **usedOffConsole** Indicates whether off console is used.
-
-
-### Microsoft.Gaming.OOBE.SessionStarted
-
-This event is sent at the start of OOBE session.
-
-The following fields are available:
-
-- **customAttributes** customAttributes.
-- **extendedData** extendedData.
-
-### Microsoft.Surface.Mcu.Prod.CriticalLog
-
-Error information from Surface device firmware.
-
-The following fields are available:
-
-- **CrashLog** MCU crash log
-- **criticalLogSize** Log size
-- **CUtility::GetTargetNameA(target)** Product identifier.
-- **productId** Product identifier
-- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure.
+- **EventHistory** Unique number of event history.
+- **ExternalComponentState** State of external component.
+- **LastEvent** Unique number of last event.
+- **SessionID** Unique value for each attempt.
+- **TargetAsId** The sequence number for the process.
+- **windowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Defender.Engine.Maps.Heartbeat
@@ -2409,6 +2326,7 @@ The following fields are available:
- **Action** Action string indicating place of failure
- **hr** Return HRESULT code
+
### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted
Event that indicates secure boot update has started.
@@ -2419,22 +2337,6 @@ The following fields are available:
- **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade.
-### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
-
-This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
-
-The following fields are available:
-
-- **CV** The correlation vector.
-- **GlobalEventCounter** The global event counter for all telemetry on the device.
-- **UpdateAssistantStateDownloading** True at the start Downloading.
-- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
-- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
-- **UpdateAssistantStateInstalling** True at the start of Installing.
-- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
-- **UpdateAssistantVersion** Current package version of UpdateAssistant.
-
-
### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled
This event fires when HVCI is already enabled so no need to continue auto-enablement.
@@ -2670,6 +2572,19 @@ The following fields are available:
- **Ver** Schema version.
+### Microsoft.Surface.Mcu.Prod.CriticalLog
+
+Error information from Surface device firmware.
+
+The following fields are available:
+
+- **CrashLog** MCU crash log
+- **criticalLogSize** Log size
+- **CUtility::GetTargetNameA(target)** Product identifier.
+- **productId** Product identifier
+- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure.
+
+
### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly.
@@ -2710,6 +2625,24 @@ The following fields are available:
- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
+## Update Assistant events
+
+### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState
+
+This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **CV** The correlation vector.
+- **GlobalEventCounter** The global event counter for all telemetry on the device.
+- **UpdateAssistantStateDownloading** True at the start Downloading.
+- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication.
+- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates.
+- **UpdateAssistantStateInstalling** True at the start of Installing.
+- **UpdateAssistantStatePostInstall** True at the start of PostInstall.
+- **UpdateAssistantVersion** Current package version of UpdateAssistant.
+
+
## Update events
### Update360Telemetry.FellBackToDownloadingAllPackageFiles
@@ -3574,7 +3507,7 @@ The following fields are available:
- **flightMetadata** Contains the FlightId and the build being flighted.
- **objectId** Unique value for each Update Agent mode.
- **relatedCV** Correlation vector value generated from the latest USO scan.
-- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled.
- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
- **sessionId** Unique value for each Update Agent mode attempt.
@@ -3758,6 +3691,3 @@ The following fields are available:
- **SessionId** The UpdateAgent “SessionId” value.
- **UpdateId** Unique identifier for the Update.
- **WuId** Unique identifier for the Windows Update client.
-
-
-
diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md
new file mode 100644
index 0000000000..cf3ffdba05
--- /dev/null
+++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md
@@ -0,0 +1,4266 @@
+---
+description: Learn more about the diagnostic data gathered for Windows 11, version 24H2.
+title: Required diagnostic events and fields for Windows 11, version 24H2
+keywords: privacy, telemetry
+ms.service: windows-client
+ms.subservice: itpro-privacy
+ms.localizationpriority: high
+author: DHB-MSFT
+ms.author: danbrown
+manager: laurawi
+ms.date: 10/01/2024
+ms.topic: reference
+ms.collection: privacy-windows
+---
+
+# Required diagnostic events and fields for Windows 11, version 24H2
+
+**Applies to**
+
+- Windows 11, version 24H2
+
+Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store.
+
+Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
+
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
+
+You can learn more about Windows functional and diagnostic data through these articles:
+
+- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
+- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
+- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
+- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+
+
+## Appraiser events
+
+### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
+
+This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **DatasourceApplicationFile_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_NI22H2** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_NI22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device.
+- **DatasourceApplicationFile_ZN23H2** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFileBackup** The count of the number of this particular object type present on this device.
+- **DatasourceBackupApplicationRestore** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_20H1Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_NI22H2** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_NI22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device.
+- **DatasourceDevicePnp_ZN23H2** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_20H1Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_NI22H2** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_NI22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device.
+- **DatasourceDriverPackage_ZN23H2** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_20H1Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CO21H2Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_NI22H2** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_NI22H2Setup** The total number of objects of this type present on this device.
+- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device.
+- **DatasourceSystemBios_ZN23H2** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_RS1** The total number of objects of this type present on this device.
+- **DecisionApplicationFile_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_RS1** The total number of objects of this type present on this device.
+- **DecisionDevicePnp_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_RS1** The total number of objects of this type present on this device.
+- **DecisionDriverPackage_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_RS1** The total number of objects of this type present on this device.
+- **DecisionMediaCenter_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSModeState_RS1** The total number of objects of this type present on this device.
+- **DecisionSModeState_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSModeState_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemBios_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemBios_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemDiskSize_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSystemDiskSize_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemMemory_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSystemMemory_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuCores_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuCores_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorCpuModel_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuModel_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemProcessorCpuSpeed_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionSystemProcessorPopCnt** The count of the number of this particular object type present on this device.
+- **DecisionTest_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTest_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionTest_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionTest_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionTest_RS1** The total number of objects of this type present on this device.
+- **DecisionTest_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionTest_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionTest_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device.
+- **DecisionTpmVersion_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionTpmVersion_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_CO21H2Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_NI22H2** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_NI22H2Setup** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device.
+- **DecisionUefiSecureBoot_ZN23H2** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **DecisionUefiSecureBoot_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
+- **InventorySystemBios** The count of the number of this particular object type present on this device.
+- **InventoryTest** The count of the number of this particular object type present on this device.
+- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
+- **PCFP** The count of the number of this particular object type present on this device.
+- **SystemMemory** The count of the number of this particular object type present on this device.
+- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device.
+- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device.
+- **SystemProcessorNx** The total number of objects of this type present on this device.
+- **SystemProcessorPopCnt** The count of the number of this particular object type present on this device.
+- **SystemProcessorPopCnt_NI22H2** The count of the number of this particular object type present on this device.
+- **SystemProcessorPopCnt_RS1** The count of the number of this particular object type present on this device.
+- **SystemProcessorPopCnt_ZN23H2** The count of the number of this particular object type present on this device.
+- **SystemProcessorPopCnt_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **SystemProcessorPopCnt_ZN23H2Setup** The count of the number of this particular object type present on this device.
+- **SystemProcessorPrefetchW** The total number of objects of this type present on this device.
+- **SystemProcessorSse2** The total number of objects of this type present on this device.
+- **SystemTouch** The count of the number of this particular object type present on this device.
+- **SystemWim** The total number of objects of this type present on this device.
+- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
+- **SystemWlan** The total number of objects of this type present on this device.
+- **Wmdrm_CO21H2Setup** The total number of objects of this type present on this device.
+- **Wmdrm_CU23H2Setup** The count of the number of this particular object type present on this device.
+- **Wmdrm_NI22H2** The count of the number of this particular object type present on this device.
+- **Wmdrm_NI22H2Setup** The total number of objects of this type present on this device.
+- **Wmdrm_RS1** The total number of objects of this type present on this device.
+- **Wmdrm_ZN23H2** The count of the number of this particular object type present on this device.
+- **Wmdrm_ZN23H2Exp** The count of the number of this particular object type present on this device.
+- **Wmdrm_ZN23H2Setup** The count of the number of this particular object type present on this device.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
+
+This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreAdd
+
+Represents the basic metadata about the interesting backed up applications to be restored on the system. This event describes whether the backed up applications are incompatible with upcoming Windows Feature updates. Microsoft uses this information to understand and address problems with computers receiving updates.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **BackupLabel** Indicates compatibility information about the application found on the backup device.
+- **CatalogSource** The type of application.
+- **CreatePlaceholder** Represents the decision regarding if the application should be restored.
+- **Name** Name of the application.
+- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
+- **SdbEntryGuid** Indicates the SDB entry that applies to this file.
+- **SdbRestoreAction** Indicates compatibility information about the application found on the backup device.
+
+### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreStartSync
+
+This event indicates that a new set of DatasourceBackupApplicationRestoreAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove
+
+This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
+
+This event sends compatibility decision data about non-blocking entries on the system that aren't keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks.
+- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.RestoreContext
+
+This event indicates the result of the restore appraisal.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the currently-running version of appraiser was built.
+- **AppraiserVersion** The version of the appraiser binary generating the events.
+- **Context** Indicates what mode appraiser is running in, this should be Restore.
+- **PCFP** An ID for the system, calculated by hashing hardware identifiers.
+- **Result** HRESULT indicating the result of the restore appraisal.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntAdd
+
+This event sends data indicating whether the system supports the PopCnt CPU requirement for newer versions of Windows, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** Appraiser version
+- **Blocking** Is the upgrade blocked due to the processor missing the PopCnt instruction?
+- **PopCntPassed** Whether the machine passes the latest OS hardware requirements or not for the PopCnt instruction.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntStartSync
+
+The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** Appraiser version.
+
+
+## Census events
+
+### Census.Xbox
+
+This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date.
+
+The following fields are available:
+
+- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console.
+- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console.
+- **XboxLiveDeviceId** Retrieves the unique device ID of the console.
+- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft.
+
+## Code Integrity events
+
+### Microsoft.Windows.Security.CodeIntegrity.Driver.AggregatedBlock
+
+AggregatedBlock is an event with non-PII details on drivers blocked by code integrity. Fires no more than once per 25 days per driver.
+
+The following fields are available:
+
+- **CertificateInfo** Non-PII details about the digital signature(s) and digital countersignatures on driver binary files which was blocked from loading.
+- **DriverInfo** Non-PII details about the driver binary file and its digital signature(s) and digital countersignature.
+- **EventVersion** The version of the schema used in the DriverInfo field.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked
+
+Indicates if OEM attempted to block autoenablement via regkey.
+
+The following fields are available:
+
+- **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise.
+- **BlockRequested** Whether an autoenablement block was requested.
+- **Scenario** Used to differentiate VBS and HVCI paths.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility
+
+Fires when the compatibility check completes. Gives the results from the check.
+
+The following fields are available:
+
+- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
+- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement)
+- **Scenario** Denotes whether SysPrep is attempting to enable HVCI (0) or VBS (1).
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
+
+Fires when auto-enablement is successful and HVCI is being enabled on the device.
+
+The following fields are available:
+
+- **Error** Error code if there was an issue during enablement
+- **Scenario** Indicates whether enablement was for VBS vs HVCI
+- **SuccessfullyEnabled** Indicates whether enablement was successful
+- **Upgrade** Indicates whether the event was fired during upgrade (rather than clean install)
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity
+
+Fires at the beginning and end of the HVCI auto-enablement process in sysprep.
+
+The following fields are available:
+
+- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating success or failure.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled
+
+Fires when HVCI is already enabled so no need to continue auto-enablement.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
+
+Fires when driver scanning fails to get results.
+
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError
+
+Fires when there's an error checking the SDB for a particular driver.
+
+The following fields are available:
+
+- **DriverPath** Path to the driver that was being checked in the SDB when checking encountered an error.
+- **Error** Error encountered during checking the SDB.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverNonCompliantError
+
+Fires when a driver is discovered that is non-compliant with HVCI.
+
+The following fields are available:
+
+- **DriverPath** Path to driver.
+- **NonComplianceMask** Error code indicating driver violation.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage
+
+Fires when an incompatible language pack is detected.
+
+The following fields are available:
+
+- **Language** String containing the incompatible language pack detected.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.KcetHvciDisabled
+
+This event indicates that kernel-mode Control-flow Enforcement Technology (CET), which is a CPU-based security feature that protects against return address hijacking attacks from malicious software, was unable to be enabled because HVCI (a dependent security feature) wasn't also enabled.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOff
+
+This event tracks when Defender turns off Smart App Control via the Cloud.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOffIgnored
+
+This event indicates that a request to switch Smart App Control off by Defender from the cloud was ignored as the device was still within the grace period after OOBE.
+
+The following fields are available:
+
+- **Count** Count of events in the aggregation window.
+- **CurrentTimeMax** Time of latest event.
+- **CurrentTimeMin** Time of first event.
+- **NightsWatchDesktopIgnoreAutoOptOut** Value of NightsWatchDesktopIgnoreAutoOptOut in registry.
+- **OOBECompleteTime** Value of OOBECompleteTime in registry.
+- **OOBESafetyTime** Start of timer set by Smart App Control if OOBECompleteTime wasn't set.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWOff
+
+This event tracks when Smart App Control is turned off.
+
+
+### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWToEnforcementMode
+
+This event tracks when Smart App Control is changed from evaluation to enforcement mode.
+
+
+
+## Common data extensions
+
+### Common Data Extensions.app
+
+Describes the properties of the running application. This extension could be populated by a client app or a web app.
+
+The following fields are available:
+
+- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
+- **env** The environment from which the event was logged.
+- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
+- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
+- **locale** The locale of the app.
+- **name** The name of the app.
+- **userId** The userID as known by the application.
+- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
+
+
+### Common Data Extensions.container
+
+Describes the properties of the container for events logged within a container.
+
+The following fields are available:
+
+- **epoch** An ID that's incremented for each SDK initialization.
+- **localId** The device ID as known by the client.
+- **osVer** The operating system version.
+- **seq** An ID that's incremented for each event.
+- **type** The container type. Examples: Process or VMHost
+
+
+### Common Data Extensions.device
+
+Describes the device-related fields.
+
+The following fields are available:
+
+- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
+- **localId** A locally-defined unique ID for the device. This isn't the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
+- **make** Device manufacturer.
+- **model** Device model.
+
+
+### Common Data Extensions.Envelope
+
+Represents an envelope that contains all of the common data extensions.
+
+The following fields are available:
+
+- **data** Represents the optional unique diagnostic data for a particular event schema.
+- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
+- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
+- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv).
+- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
+- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
+- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
+- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
+- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
+- **iKey** Represents an ID for applications or other logical groupings of events.
+- **name** Represents the uniquely qualified name for the event.
+- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.mscv
+
+Describes the correlation vector-related fields.
+
+The following fields are available:
+
+- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries.
+
+
+### Common Data Extensions.os
+
+Describes some properties of the operating system.
+
+The following fields are available:
+
+- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
+- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
+- **locale** Represents the locale of the operating system.
+- **name** Represents the operating system name.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.sdk
+
+Used by platform specific libraries to record fields that are required for a specific SDK.
+
+The following fields are available:
+
+- **epoch** An ID that is incremented for each SDK initialization.
+- **installId** An ID that's created during the initialization of the SDK for the first time.
+- **libVer** The SDK version.
+- **seq** An ID that is incremented for each event.
+- **ver** The version of the logging SDK.
+
+
+### Common Data Extensions.user
+
+Describes the fields related to a user.
+
+The following fields are available:
+
+- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
+- **locale** The language and region.
+- **localId** Represents a unique user identity that is created locally and added by the client. This isn't the user's account ID.
+
+
+### Common Data Extensions.utc
+
+Describes the properties that could be populated by a logging library on Windows.
+
+The following fields are available:
+
+- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
+- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number
+- **cat** Represents a bitmask of the ETW Keywords associated with the event.
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
+- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
+- **flags** Represents the bitmap that captures various Windows specific flags.
+- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event.
+- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
+- **op** Represents the ETW Op Code.
+- **pgName** The short form of the provider group name associated with the event.
+- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
+- **providerGuid** The ETW provider ID associated with the provider name.
+- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
+- **seq** Represents the sequence field used to track absolute order of uploaded events. It's an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier.
+- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
+- **wcmp** The Windows Shell Composer ID.
+- **wPId** The Windows Core OS product ID.
+- **wsId** The Windows Core OS session ID.
+
+
+### Common Data Extensions.xbl
+
+Describes the fields that are related to XBOX Live.
+
+The following fields are available:
+
+- **claims** Any additional claims whose short claim name hasn't been added to this structure.
+- **did** XBOX device ID
+- **dty** XBOX device type
+- **dvr** The version of the operating system on the device.
+- **eid** A unique ID that represents the developer entity.
+- **exp** Expiration time
+- **ip** The IP address of the client device.
+- **nbf** Not before time
+- **pid** A comma separated list of PUIDs listed as base10 numbers.
+- **sbx** XBOX sandbox identifier
+- **sid** The service instance ID.
+- **sty** The service type.
+- **tid** The XBOX Live title ID.
+- **tvr** The XBOX Live title version.
+- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
+- **xid** A list of base10-encoded XBOX User IDs.
+
+
+## Common data fields
+
+### Ms.Device.DeviceInventoryChange
+
+Describes the installation state for all hardware and software components available on a particular device.
+
+The following fields are available:
+
+- **action** The change that was invoked on a device inventory object.
+- **inventoryId** Device ID used for Compatibility testing
+- **objectInstanceId** Object identity which is unique within the device scope.
+- **objectType** Indicates the object type that the event applies to.
+- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+-
+
+## Component-based servicing events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **downloadSource** The source of the download.
+- **highestState** The highest final install state of the optional content.
+- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### CbsServicingProvider.CbsFodInventory
+
+This event reports on the state of the current optional Windows content obtained from Windows Update.
+
+The following fields are available:
+
+- **capabilities** A bitmask with each position indicating if each type of optional Windows content is currently enabled.
+- **initiatedOffline** A true or false value indicating if the inventory describes an offline WIM file.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+### CbsServicingProvider.CbsLateAcquisition
+
+This event sends data to indicate if some Operating System packages couldn't be updated as part of an upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **Features** The list of feature packages that couldn't be updated.
+- **RetryID** The ID identifying the retry attempt to update the listed packages.
+
+
+### CbsServicingProvider.CbsPackageRemoval
+
+This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build number of the security update being uninstalled.
+- **clientId** The name of the application requesting the uninstall.
+- **currentStateEnd** The final state of the update after the operation.
+- **failureDetails** Information about the cause of a failure, if applicable.
+- **failureSourceEnd** The stage during the uninstall where the failure occurred.
+- **hrStatusEnd** The overall exit code of the operation.
+- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image.
+- **majorVersion** The major version number of the security update being uninstalled.
+- **minorVersion** The minor version number of the security update being uninstalled.
+- **originalState** The starting state of the update before the operation.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+- **primitiveExecutionContext** The state during system startup when the uninstall was completed.
+- **revisionVersion** The revision number of the security update being uninstalled.
+- **transactionCanceled** Indicates whether the uninstall was canceled.
+
+
+### CbsServicingProvider.CbsPostponedReserveInstallDecision
+
+This event reports on the scheduling of installs for Windows cumulative security updates.
+
+The following fields are available:
+
+- **hardReserveSize** The size of the disk space reserve used to update Windows OS content.
+- **hardReserveUsedSpace** The disk space currently in use in the reserve used to update Windows OS content.
+- **postponed** A boolean indicating if updating processing has been delayed to shutdown due to low disk space.
+- **userFreeSpace** The amount of free disk space available on the OS volume.
+- **usingReserves** A boolean indicating whether disk space reserves are being used to install the update.
+
+
+### CbsServicingProvider.CbsQualityUpdateInstall
+
+This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build version number of the update package.
+- **clientId** The name of the application requesting the optional content.
+- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device.
+- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure.
+- **currentStateEnd** The final state of the package after the operation has completed.
+- **doqTimeSeconds** The time in seconds spent updating drivers.
+- **executeTimeSeconds** The number of seconds required to execute the install.
+- **failureDetails** The driver or installer that caused the update to fail.
+- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred.
+- **hrStatusEnd** The return code of the install operation.
+- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
+- **majorVersion** The major version number of the update package.
+- **minorVersion** The minor version number of the update package.
+- **originalState** The starting state of the package.
+- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation.
+- **planTimeSeconds** The time in seconds required to plan the update operations.
+- **poqTimeSeconds** The time in seconds processing file and registry operations.
+- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update.
+- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot.
+- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed.
+- **rebootCount** The number of reboots required to install the update.
+- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update.
+- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update.
+- **revisionVersion** The revision version number of the update package.
+- **rptTimeSeconds** The time in seconds spent executing installer plugins.
+- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update.
+- **stackRevision** The revision number of the servicing stack.
+- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
+
+
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
+### CbsServicingProvider.CbsUpdateDeferred
+
+This event reports the results of deferring Windows Content to keep Windows up to date.
+
+
+
+## Deployment events
+
+### Microsoft.Windows.Deployment.Imaging.AppExit
+
+This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **hr** HResult returned from app exit.
+- **totalTimeInMs** Total time taken in Ms.
+
+
+### Microsoft.Windows.Deployment.Imaging.AppInvoked
+
+This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **branch** Corresponding branch for the image.
+- **isInDbg** Whether the app is in debug mode or not.
+- **isWSK** Whether the app is building images using WSK or not.
+
+
+## DISM events
+
+### Microsoft.Windows.StartRepairCore.DISMPendingInstall
+
+The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **dismPendingInstallPackageName** The name of the pending package.
+
+
+### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions
+
+The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd
+
+The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+- **failedUninstallCount** The number of driver updates that failed to uninstall.
+- **failedUninstallFlightIds** The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall.
+- **foundDriverUpdateCount** The number of found driver updates.
+- **srtRepairAction** The scenario name for a repair.
+- **successfulUninstallCount** The number of successfully uninstalled driver updates.
+- **successfulUninstallFlightIds** The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRepairActionStart
+
+The SRT Repair Action Start event sends information to report repair operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **srtRepairAction** The scenario name for a repair.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd
+
+The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **errorCode** The result code returned by the event.
+- **flightIds** The Flight IDs (identifier of the beta release) of found driver updates.
+- **foundDriverUpdateCount** The number of found driver updates.
+- **srtRootCauseDiag** The scenario name for a diagnosis event.
+
+
+### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart
+
+The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **srtRootCauseDiag** The scenario name for a diagnosis event.
+
+
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DDIInterfaceVersion** The device driver interface version.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **Display1UMDFilePath** The file path to the location of the Display User Mode Driver in the Driver Store.
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **DxDbCurrentVersion** Version of the DirectX Database on the device.
+- **DxDbVersionCheckStatus** Numeric value indicating the result of the last check on the DirectX Database version for the device.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **HwFlipQueueSupportState** Numeric value indicating the adapter's support for hardware flip queues.
+- **HwSchSupportState** Numeric value indicating the adapter's support for hardware scheduling.
+- **IddPairedRenderAdapterLuid** Identifier for the render adapter paired with this display adapter.
+- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided.
+- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided.
+- **InterfaceFuncPointersProvided3** Number of device driver interface function pointers provided.
+- **InterfaceId** The GPU interface ID.
+- **IsCrossAdapterScanOutSupported** Boolean value indicating whether the adapter supports cross-adapter scanout optimization.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHwFlipQueueEnabled** Boolean value indicating whether hardware flip queues are enabled.
+- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled.
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **IsVirtualRefreshRateSupported** Boolean value indicating whether the adapter supports virtual refresh rates.
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MdmSupportStatus** Numeric value indicating support for Microsoft Display Mux.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NodeTypes** Types of execution nodes comprising the graphics adapter.
+- **NumExecutionNodes** Number of execution nodes comprising the graphics adapter.
+- **NumNonVidPnTargets** Number of display targets.
+- **NumPhysicalAdapters** Number of physical graphics adapters.
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+### DxgKrnlTelemetry.GPUStartAdapter
+
+This event records information about an attempt to start a graphics adapter.
+
+The following fields are available:
+
+- **DDIInterfaceVersion** Version of the display driver interface (DDI).
+- **DriverDate** Date of the display driver.
+- **DriverRank** Rank for the display driver.
+- **DriverVersion** Version of the display driver.
+- **FailureReason** Numeric value indicating the stage in which the startup attempt failed.
+- **GPUDeviceID** Device identifier for the graphics adapter.
+- **GPURevisionID** Revision identifier for the graphics adapter.
+- **GPUVendorID** Vendor identifier for the graphics adapter.
+- **IsSoftwareDevice** Boolean value indicating whether the graphics adapter is implemented in software only.
+- **StartAdapterFailedSequenceId** Numeric value indicating the graphics adapter startup attempt count.
+- **Status** Numeric value indicating the status of the graphics adapter startup attempt.
+- **SubSystemID** Subsystem identifier for the graphics adapter.
+- **SubVendorID** Subsystem vendor identifier for the graphics identifier.
+- **version** Version of the schema for the event.
+
+
+## Failover Clustering events
+
+### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
+
+This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
+
+The following fields are available:
+
+- **autoAssignSite** The cluster parameter: auto site.
+- **autoBalancerLevel** The cluster parameter: auto balancer level.
+- **autoBalancerMode** The cluster parameter: auto balancer mode.
+- **blockCacheSize** The configured size of the block cache.
+- **ClusterAdConfiguration** The ad configuration of the cluster.
+- **clusterAdType** The cluster parameter: mgmt_point_type.
+- **clusterDumpPolicy** The cluster configured dump policy.
+- **clusterFunctionalLevel** The current cluster functional level.
+- **clusterGuid** The unique identifier for the cluster.
+- **clusterWitnessType** The witness type the cluster is configured for.
+- **countNodesInSite** The number of nodes in the cluster.
+- **crossSiteDelay** The cluster parameter: CrossSiteDelay.
+- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold.
+- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay.
+- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold.
+- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters.
+- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters.
+- **csvResourceCount** The number of resources in the cluster.
+- **currentNodeSite** The name configured for the current site for the cluster.
+- **dasModeBusType** The direct storage bus type of the storage spaces.
+- **downLevelNodeCount** The number of nodes in the cluster that are running down-level.
+- **drainOnShutdown** Specifies whether a node should be drained when it's shut down.
+- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled.
+- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity.
+- **genAppNames** The Win32 service name of a clustered service.
+- **genSvcNames** The command line of a clustered genapp.
+- **hangRecoveryAction** The cluster parameter: hang recovery action.
+- **hangTimeOut** Specifies the “hang time out” parameter for the cluster.
+- **isCalabria** Specifies whether storage spaces direct is enabled.
+- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes.
+- **isRunningDownLevel** Identifies if the current node is running down-level.
+- **logLevel** Specifies the granularity that is logged in the cluster log.
+- **logSize** Specifies the size of the cluster log.
+- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID.
+- **minNeverPreempt** The cluster parameter: minimum never preempt.
+- **minPreemptor** The cluster parameter: minimum preemptor priority.
+- **netftIpsecEnabled** The parameter: netftIpsecEnabled.
+- **NodeCount** The number of nodes in the cluster.
+- **nodeId** The current node number in the cluster.
+- **nodeResourceCounts** Specifies the number of node resources.
+- **nodeResourceOnlineCounts** Specifies the number of node resources that are online.
+- **numberOfSites** The number of different sites.
+- **numNodesInNoSite** The number of nodes not belonging to a site.
+- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes.
+- **preferredSite** The preferred site location.
+- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster.
+- **quarantineDuration** The quarantine duration.
+- **quarantineThreshold** The quarantine threshold.
+- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period.
+- **rdmaConnectionsForStorage** This specifies the rdma connections for storage.
+- **resiliencyLevel** Specifies the level of resiliency.
+- **resourceCounts** Specifies the number of resources.
+- **resourceTypeCounts** Specifies the number of resource types in the cluster.
+- **resourceTypes** Data representative of each resource type.
+- **resourceTypesPath** Data representative of the DLL path for each resource type.
+- **sameSubnetDelay** The cluster parameter: same subnet delay.
+- **sameSubnetThreshold** The cluster parameter: same subnet threshold.
+- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
+- **securityLevel** The cluster parameter: security level.
+- **securityLevelForStorage** The cluster parameter: security level for storage.
+- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes.
+- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down.
+- **upNodeCount** Specifies the number of nodes that are up (online).
+- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV.
+- **useRdmaForStorage** The cluster parameter to use rdma for storage.
+- **vmIsolationTime** The cluster parameter: VM isolation time.
+- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (for example, from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (for example, from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done. For example, queue the report, don't offer JIT debugging, or don't terminate the process after reporting.
+- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
+- **IsFatal** True/False to indicate whether the crash resulted in process termination.
+- **ModName** Exception module name (for example, bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
+## Feature quality events
+
+### Microsoft.Windows.FeatureQuality.Heartbeat
+
+This event indicates the feature status heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Features** Array of features.
+
+
+### Microsoft.Windows.FeatureQuality.StateChange
+
+This event indicates the change of feature state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight ID.
+- **state** New state.
+
+
+### Microsoft.Windows.FeatureQuality.Status
+
+This event indicates the feature status. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **featureId** Feature ID.
+- **flightId** Flight ID.
+- **time** Time of status change.
+- **variantId** Variant ID.
+
+
+## Feature update events
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed
+
+This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **failureReason** Provides data about the uninstall initialization operation failure.
+- **hr** Provides the Win32 error code for the operation failure.
+
+
+### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered
+
+This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+
+
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (for example, PLM/RM/EM) as Watson Generics and won't produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process ID used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it's waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it's waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application ID of the package.
+
+
+## Holographic events
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded
+
+This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **ClassGuid** Windows Mixed Reality device class GUID.
+- **DeviceInterfaceId** Windows Mixed Reality device interface ID.
+- **DriverVersion** Windows Mixed Reality device driver version.
+- **FirmwareVersion** Windows Mixed Reality firmware version.
+- **Manufacturer** Windows Mixed Reality device manufacturer.
+- **ModelName** Windows Mixed Reality device model name.
+- **SerialNumber** Windows Mixed Reality device serial number.
+
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceRemoved
+
+This event indicates Windows Mixed Reality device state. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **DeviceInterfaceId** Device Interface ID.
+
+
+### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated
+
+This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **IsForCompositor** True/False to indicate whether the holographic space is for compositor process.
+- **Source** An enumeration indicating the source of the log.
+- **WindowInstanceId** Unique value for each window instance.
+
+
+### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated
+
+This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **HmdState** Windows Mixed Reality Headset HMD state.
+- **NewHoloShellState** Windows Mixed Reality HoloShell state.
+- **PriorHoloShellState** Windows Mixed Reality state prior to entering to HoloShell.
+- **SimulationEnabled** Windows Mixed Reality Simulation state.
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated
+
+This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode.
+- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion.
+- **PackageVersion** Windows Mixed Reality Portal app package version.
+- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state.
+- **wilActivity** Windows Mixed Reality Portal app wilActivity ID.
+
+
+### Microsoft.Windows.Shell.HolographicFirstRun.SomethingWentWrong
+
+This event is emitted when something went wrong error occurs. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **ErrorSource** Source of error, obsoleted always 0.
+- **StartupContext** Start up state.
+- **StatusCode** Error status code.
+- **SubstatusCode** Error sub status code.
+
+
+### TraceLoggingHoloLensSensorsProvider.OnDeviceAdd
+
+This event provides Windows Mixed Reality device state with new process that hosts the driver. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly.
+
+The following fields are available:
+
+- **Process** Process ID.
+- **Thread** Thread ID.
+
+
+### TraceLoggingOasisUsbHostApiProvider.DeviceInformation
+
+This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BootloaderMajorVer** Windows Mixed Reality device boot loader major version.
+- **BootloaderMinorVer** Windows Mixed Reality device boot loader minor version.
+- **BootloaderRevisionNumber** Windows Mixed Reality device boot loader revision number.
+- **BTHFWMajorVer** Windows Mixed Reality device BTHFW major version. This event also used to count WMR device.
+- **BTHFWMinorVer** Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device.
+- **BTHFWRevisionNumber** Windows Mixed Reality device BTHFW revision number.
+- **CalibrationBlobSize** Windows Mixed Reality device calibration blob size.
+- **CalibrationFwMajorVer** Windows Mixed Reality device calibration firmware major version.
+- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version.
+- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number.
+- **DeviceInfoFlags** Windows Mixed Reality device info flags.
+- **DeviceReleaseNumber** Windows Mixed Reality device release number.
+- **FirmwareMajorVer** Windows Mixed Reality device firmware major version.
+- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version.
+- **FirmwareRevisionNumber** Windows Mixed Reality device calibration firmware revision number.
+- **FpgaFwMajorVer** Windows Mixed Reality device FPGA firmware major version.
+- **FpgaFwMinorVer** Windows Mixed Reality device FPGA firmware minor version.
+- **FpgaFwRevisionNumber** Windows Mixed Reality device FPGA firmware revision number.
+- **FriendlyName** Windows Mixed Reality device friendly name.
+- **HashedSerialNumber** Windows Mixed Reality device hashed serial number.
+- **HeaderSize** Windows Mixed Reality device header size.
+- **HeaderVersion** Windows Mixed Reality device header version.
+- **LicenseKey** Windows Mixed Reality device header license key.
+- **Make** Windows Mixed Reality device make.
+- **ManufacturingDate** Windows Mixed Reality device manufacturing date.
+- **Model** Windows Mixed Reality device model.
+- **PresenceSensorHidVendorPage** Windows Mixed Reality device presence sensor HID vendor page.
+- **PresenceSensorHidVendorUsage** Windows Mixed Reality device presence sensor HID vendor usage.
+- **PresenceSensorUsbVid** Windows Mixed Reality device presence sensor USB VId.
+- **ProductBoardRevision** Windows Mixed Reality device product board revision number.
+- **SerialNumber** Windows Mixed Reality device serial number.
+
+
+## Inventory events
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
+
+This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AndroidPackageId** A unique identifier for an Android app.
+- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
+- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
+- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
+- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array.
+- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Language** The language code of the program.
+- **MsiInstallDate** The install date recorded in the program's MSI package.
+- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
+- **MsiProductCode** A GUID that describe the MSI Product.
+- **Name** The name of the application.
+- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
+- **PackageFullName** The package full name for a Store application.
+- **ProgramInstanceId** A hash of the file IDs in an app.
+- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
+- **RootDirPath** The path to the root directory where the program was installed.
+- **Source** How the program was installed (for example, ARP, MSI, Appx).
+- **SparkId** Unique ID that represents a Win32 app installed from the Microsoft Store.
+- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
+- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it's a service. Application and BOE are the ones most likely seen.
+- **Version** The version number of the program.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationKbStartSync
+
+This event represents the basic metadata about an application updates (KBs) installed on the system. This event is used to understand the applications on a machine to determine if there will be compatibility issues when upgrading Windows.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory components.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+## Kernel events
+
+### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem
+
+This event is sent when a new problem code is assigned to a device. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous NTSTATUS value that was set on the device.
+- **Problem** The new problem code that was set on the device.
+- **ProblemStatus** The new NTSTATUS value that was set on the device.
+- **ServiceName** The driver or service name that is attached to the device.
+
+
+### Microsoft.Windows.Kernel.Power.AbnormalShutdown
+
+This event provides diagnostic information of the most recent abnormal shutdown.
+
+The following fields are available:
+
+- **BootEnvironment** Errors from boot environment.
+- **BootStatValid** Status of bootstat file.
+- **Bugcheck** Bugcheck information.
+- **CrashDump** Crash dump information.
+- **CurrentBootId** ID of this boot.
+- **FirmwareReset** System reset by firmware.
+- **LastShutdownBootId** BootID of last shutdown.
+- **LongPowerButtonHold** Long power button hold information.
+- **SystemStateTransition** State transition information.
+- **Watchdog** Watchdog information.
+- **WheaBootErrorCount** Whea boot error information.
+
+
+### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown
+
+This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they're expected to. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit.
+- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits.
+- **TotalUpTimeMs** Contains the total system up time in milliseconds.
+
+
+## Microsoft Edge events
+
+### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms.
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms.
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **account_type** Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config
+
+This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure.
+
+The following fields are available:
+
+- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms.
+- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events.
+- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version.
+- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000).
+- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end.
+- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **Channel** An integer indicating the channel of the installation (Canary or Dev).
+- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled.
+- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth.
+- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode.
+- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode.
+- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set.
+- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy.
+- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour.
+- **installSourceName** A string representation of the installation source.
+- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload.
+- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission.
+- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level.
+- **pop_sample** A value indicating how the device's data is being sampled.
+- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code.
+- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade.
+- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process.
+
+
+### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping
+
+This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Microsoft Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Microsoft Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date.
+
+The following fields are available:
+
+- **appAp** Any additional parameters for the specified application. Default: ''.
+- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined.
+- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
+- **appChannel** An integer indicating the channel of the installation (that is, Canary or Dev).
+- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
+- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
+- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
+- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (for example, send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'.
+- **appEdgePreviewDisenrollReason** Reason why Preview was unenrolled.
+- **appEdgePreviewPreviousValuesV2** Previous values of the Microsoft Edge Preview.
+- **appEdgePreviewState** Specifies if Microsoft Edge is in the preview state.
+- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
+- **appFirstFRESeenTime** The earliest time the Microsoft Edge First Run Experience was seen by any user on the device in Windows FILETIME units / 10. Default: undefined.
+- **appFirstFRESeenVersion** The earliest Microsoft Edge First Run Experience version that was seen by any user on the device (for example '1.2.3.4'). Default: undefined.
+- **appInactivityBadgeApplied** Specifies that the inactivity badge has been applied.
+- **appInactivityBadgeCleared** Specifies that the inactivity badge has been cleared.
+- **appInactivityBadgeDuration** The duration of the inactivity badge.
+- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
+- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
+- **appIsPinnedSystem** Specifies is the app is pinned.
+- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
+- **appLastLaunchCount** Number of times the app launched last.
+- **appLastLaunchTime** The time when browser was last launched.
+- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
+- **appOOBEInstallTime** The time of first recorded successful OOBE Microsoft Edge install in Windows FILETIME units / 10 (that is, the install time of any fully completed OOBE install achieved before OOBE finishes), as recorded by setup.exe. Default: undefined.
+- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
+- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply.
+- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z.
+- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) For example, HIT from proxy.domain.tld, MISS from proxy.local.
+- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. for example: US.
+- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
+- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. For example, Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z.
+- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. For example, CP=\"CAO PSA OUR\".
+- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
+- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'.
+- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
+- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
+- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
+- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'.
+- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute.
+- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
+- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
+- **appPingEventPackageCacheResult** Whether there's an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field doesn't apply.
+- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event.
+- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag.
+- **appPingEventSystemUptimeTicks** Number of ticks that the system has been up.
+- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'.
+- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'.
+- **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed.
+- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't.
+- **appUpdateCheckTargetChannel** Check for status showing the target release channel.
+- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it's not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
+- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
+- **appUpdateCount** A running total of successful updates recorded by setup.exe. This is used for continuity checking of the Ping data spanning consecutive updates.
+- **appUpdatesAllowedForMeteredNetworks** Specifies if the device can receive updates with on a metered network.
+- **appVersion** The version of the product install. shouldn't Default: '0.0.0.0'.
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **eventType** A string indicating the type of the event. shouldn't
+- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
+- **hwDiskType** Device’s hardware disk type.
+- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware doesn't support the SSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware doesn't support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware doesn't support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'.
+- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware doesn't support the SSSE3 instruction set. '-1' if unknown. Default: '-1'.
+- **hwLogicalCpus** Number of logical CPUs of the device.
+- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'.
+- **isCTADevice** Specifies if the device is CTA.
+- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'.
+- **oemProductManufacturer** The device manufacturer name.
+- **oemProductName** The product name of the device defined by device manufacturer.
+- **osArch** The architecture of the operating system (for example, 'x86', 'x64', 'arm'). '' if unknown. Default: ''.
+- **osIsDefaultNetworkConnectionMetered** States if the default network connection is metered.
+- **osIsInLockdownMode** Is the OS in lockdown mode.
+- **osIsWIP** Whether the OS is in preview.
+- **osPlatform** The operating system family that the within which the Omaha client is running (for example 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''.
+- **osProductType** Type associated with the operating system.
+- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''.
+- **osVersion** The primary version of the operating system. '' if unknown. Default: ''.
+- **osWIPBranch** WIP branch of the operating system.
+- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'.
+- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''.
+- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'.
+- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''.
+- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'.
+- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''.
+- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'.
+- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined.
+- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''.
+- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''.
+- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (for example, update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''.
+- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and shouldn't be counted toward normal metrics. Default: ''.
+- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''.
+
+
+### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.PingXml
+
+The PingXml event sends detailed information pertaining to a specific instance of an update process in MicrosoftEdgeUpdate. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. Each PingXml event can contain update logs from multiple different applications, and each application node in the XML payload can contain multiple different ping events. This event is sent whenever an update process occurs in the MicrosoftEdgeUpdate, regardless of the exit status. This event is used to track the reliability and performance of the MicrosoftEdgeUpdate process. The payload of this event is defined in the protocol definition header file.
+
+The following fields are available:
+
+- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
+- **Xml** XML-encoded string representing the request payload of the ping event. The request payload includes data and metadata for four nodes: the request itself, the hardware of the device, the OS of the device, and each updated application. Each application node includes additional nodes for individual ping events.
+
+
+## Migration events
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLSys
+
+This event is used to indicate object count for system paths during different phases of Windows feature update.
+
+The following fields are available:
+
+- **migDiagSession->CString** Indicates the phase of the update.
+- **objectCount** Number of files being tracked for the corresponding phase of the update.
+- **sfInfo.Name** This indicates well know folder location path (Ex: PUBLIC_downloads etc.)
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **migDiagSession->CString** The phase of the upgrade where migration occurs. (for example: Validate tracked content)
+- **objectCount** The count for the number of objects that are being transferred.
+- **sfInfo.Name** This event identifies the phase of the upgrade where migration happens.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
+
+This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens.
+- **objectCount** The count of the number of objects that are being transferred.
+- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
+- **objectCount** The number of objects that are being transferred.
+- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads.
+
+
+## OneSettings events
+
+### Microsoft.Windows.OneSettingsClient.Heartbeat
+
+This event indicates the config state heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **Configs** Array of configs.
+
+
+### Microsoft.Windows.OneSettingsClient.StateChange
+
+This event indicates the change in config state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **state** New state.
+
+
+### Microsoft.Windows.OneSettingsClient.Status
+
+This event indicates the config usage of status update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly.
+
+The following fields are available:
+
+- **flightId** Flight id.
+- **time** Time.
+
+
+## OOBE events
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateNthLogonDisplayStatus
+
+NthLogon NDUP evaluated whether it should launch or not.
+
+The following fields are available:
+
+- **nthSkippedReasonFlag** Flag indicating skip reason.
+- **reason** Skip reason string.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdatePageSkipped
+
+This event provides information about skipping expedited update page. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **reason** Reason for skip.
+- **skippedReasonFlag** Flag representing reason for skip.
+
+
+### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult
+
+This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly.
+
+The following fields are available:
+
+- **oobeExpeditedUpdateStatus** Expedited update status.
+- **reason** Reason for the status.
+- **resultCode** HR result of operation.
+
+
+## Other events
+
+### Microsoft.Windows.Analog.HolographicDriverClient.TelemetryUserPresenceChanged
+
+This event sends data indicating the state detected by user presence sensor. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **correlationGuid** Unique correlation Guid Id.
+- **isPresent** State detected by user presence sensor.
+
+
+### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
+
+This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **SessionID** Unique value for each attempt.
+- **TargetAsId** The sequence number for the process.
+- **windowInstanceId** Unique value for each window instance.
+
+
+### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
+
+This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **EventHistory** Unique number of event history.
+- **ExternalComponentState** State of external component.
+- **LastEvent** Unique number of last event.
+- **SessionID** Unique value for each attempt.
+- **TargetAsId** The sequence number for the process.
+- **windowInstanceId** Unique value for each window instance.
+
+
+### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeyFinalize
+
+This event traces Windows Hello key creation finalize.
+
+
+The following fields are available:
+
+- **accountType** The account type of the user.
+- **cacheType** The cache type of the key.
+- **finalizeStatus** Returned status code after the finalize operation.
+- **gestureRequired** The operation requires a gesture.
+- **isIsoContainer** Indicates if it's using IsoContainer.
+- **isVsm** Indicates if Container is in Vsm.
+- **keyAccountId** Key account ID.
+- **keyAlgId** Key Algorithm ID.
+- **keyDomain** Key domain name.
+- **keyImplType** Key implementation type.
+- **keyTenant** Key tenant name.
+- **keyType** Key type.
+- **signStatus** Returned status code after the finalize operation.
+- **silentByCaller** Indicates whether the caller wanted to finalize silently.
+- **silentByProperty** Indicates whether the key property specified to finalize silently.
+
+
+### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeySignHash
+
+This event traces Windows Hello key signing details.
+
+The following fields are available:
+
+- **accountType** The account type of the user.
+- **cacheType** The cache type of the key.
+- **callerCmdLine** Caller process command line string.
+- **didPrompt** Whether a UI prompt was triggered.
+- **gestureRequired** The operation requires a gesture.
+- **isCacheWithTimedCounterEnabled** New caching mechanism is enabled.
+- **isCallerProcessQueryLimited** Indicates if caller process failed to be opened with PROCESS_VM_READ privilege.
+- **isUnlockTimeSet** We have a valid unlock time to use.
+- **keyAccountId** Hashed key account ID.
+- **keyDomain** Hashed key domain name.
+- **keyImplType** The implementation type of the key.
+- **keyTenant** Hashed key tenant name.
+- **keyType** Key type.
+- **numSignatures** Number of signatures made since logon or unlock.
+- **persistedInPinCache** The PIN was persisted in the cache.
+- **protectionLevel** Specifies whether the caller process is a PPL and at what level.
+- **sessionGuid** Unique identifier for the current user session.
+- **signStatus** Returned status code after the sign operation.
+- **silentByCaller** Indicates whether the caller wanted to sign silently.
+- **silentByProperty** Indicates whether the key property specified to sign silently.
+- **timeSinceUnlockMs** Time since logon or unlock in milliseconds.
+- **usedPinCache** The PIN cache was used to attempt to sign.
+- **validTicket** The provided ticket doesn't match the default or invalid auth ticket.
+
+### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed
+
+Event that indicates that an attempt to apply secure boot updates failed
+
+The following fields are available:
+
+- **Action** Action string when error occurred
+- **hr** Error code in HRESULT
+- **IsRejectedByFirmware** Bool value to indicate if firmware has rejected the update.
+- **IsResealNeeded** BOOL value to indicate if TPM Reseal was needed
+- **RevokedBootmanager** BOOL value to indicate if current bootmgr is revoked.
+- **SecureBootUpdateCaller** Scenario in which function was called. Could be Update or Upgrade
+- **UpdateType** Indicates if it's DB or DBX update
+- **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed
+
+
+### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted
+
+Event that indicates secure boot update has started.
+
+The following fields are available:
+
+- **AvailableUpdates** Number of available secure boot updates.
+- **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade.
+
+
+### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateSucceeded
+
+This event indicates if the Secure Boot Update succeded.
+
+The following fields are available:
+
+- **Action** Indicates the stage for success.
+- **IsRebootRequiredBeforeUpdate** Indicates if reboot is required for before re-attempting the update.
+- **IsResealNeeded** Indicates if BitLocker reseal is needed.
+- **RevokedBootmanager** Indicates if there's a revoked bootmgr on the machine.
+- **SecureBootUpdateCaller** Info about the caller of the update.
+- **UpdateType** VariableMask like DB, DBX.
+- **WillResealSucceed** Inform if reseal will succeed.
+
+
+### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateCompleted
+
+This event logs when the installer completes Secureboot update.
+
+The following fields are available:
+
+- **Action** String that tells us the failure stage if any.
+- **hr** error code.
+- **IsResealNeeded** Is BitLocker reseal was needed on this machine.
+- **sbServicingFailureReason** Enum containing failure details.
+- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, tpmtask or dbupdater.
+- **UpdateType** Update type DB or DBX.
+- **WillResealSucceed** If BitLocker reseal will succeed on this machine.
+
+
+### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateStarted
+
+This event logs when Secureboot updating containing DB/DBX payload starts.
+
+The following fields are available:
+
+- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, TPMTask or DBUpdater.
+- **UpdateType** Update type like DB or DBX.
+
+
+### Microsoft.Windows.Security.SBServicingCore.SBServicingCoreFunctionFailed
+
+This event logs when some core function of Secureboot AI fails.
+
+The following fields are available:
+
+- **Action** stage at which the failure occurred.
+- **Function** name of the function where the failure occurred.
+- **hr** error code.
+
+
+### Microsoft.Windows.Shell.CortanaSearch.WebView2ProcessFailed
+
+This event tracks if the WebView2 process failed.
+
+The following fields are available:
+
+- **ExitCode** WebView2 exit code.
+- **ProcessFailedKind** WebView2 process failure kind.
+- **Reason** WebView2 process failure reason.
+- **SessionId** WebView2 sessionId.
+
+
+### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.GetUserAccountState
+
+This event keeps track of if the user's account is in a good state upon loading the Settings Accounts L1 page.
+
+The following fields are available:
+
+- **CassService** Version of the Cass service.
+- **componentName** Name of the Settings component.
+- **correlationVector** Identifier for correlating events.
+- **currentPageGroupId** Identifier for the current page group.
+- **currentPageId** Identifier for the current page.
+- **experienceId** Identifier for the Settings experience.
+- **experienceVersion** Version of the experience.
+- **isExperienceInbox** Is the experience present by default (Comes with the system).
+- **pageId** Identifier for the Setting page.
+- **pageSessionId** Identifier for the page session.
+- **processSessionId** Identifier for the process.
+- **state** State that determines if the account has required backup proofs (eg. email and phone)
+
+
+### Microsoft.Windows.WinRE.Agent.CreateWinRePartitionFailed
+
+This event emits failure of the Creation of the WinRE partition operation.
+
+The following fields are available:
+
+- **ErrorCode** Error code.
+
+
+### Microsoft.Windows.WinRE.Agent.ExtendOsPartitionSucceed
+
+This event emits success for the extending OS Partition operation.
+
+
+### Microsoft.Windows.WinRE.Agent.ShrinkOsPartitionFailed
+
+This event captures OS partition shrink operation failures during the WinRE servicing.
+
+The following fields are available:
+
+- **HRESULT** Error code.
+
+
+### Microsoft.Windows.WinRE.Agent.WinreFormatPartition
+
+This event fires when WinRE partition is formatted.
+
+
+
+### Microsoft.Windows.WinRE.Agent.WinreFormatPartitionSucceed
+
+This vvent fires when WinRE partition attempts to format and succeeds.
+
+
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **presentationVersion** Which display version of the privacy consent experience the user completed
+- **privacyConsentState** The current state of the privacy consent experience
+- **settingsVersion** Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason** The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **isAdmin** whether the person who is logging in is an admin
+- **isExistingUser** whether the account existed in a downlevel OS
+- **isLaunching** Whether or not the privacy consent experience will be launched
+- **isSilentElevation** whether the user has most restrictive UAC controls
+- **privacyConsentState** whether the user has completed privacy experience
+- **userRegionCode** The current user's region setting
+
+
+## Setup events
+
+### Microsoft.Windows.Setup.WinSetupMon.ProtectionViolation
+
+This event provides information about move or deletion of a file or a directory which is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **Mode** The kind of monitoring mode enforced for the given path (this is one of a fixed set of strings).
+- **Path** Path to the file or the directory which is being moved or deleted.
+- **Process** Path to the process which is requesting the move or the deletion.
+- **SessionId** Identifier to correlate this component's telemetry with that of others.
+- **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved.
+
+
+### Microsoft.Windows.Setup.WinSetupMon.TraceError
+
+Provides details about error in the functioning of upgrade data safety monitoring filter driver.
+
+The following fields are available:
+
+- **Message** Text string describing the error condition.
+- **SessionId** Identifier to correlate this component's telemetry with that of others.
+- **Status** NTSTATUS code related to the error.
+
+
+### Microsoft.Windows.Setup.WinSetupMon.TraceErrorVolume
+
+Provides details about error in the functioning of upgrade data safety monitoring filter driver, related to a specific volume (drive).
+
+The following fields are available:
+
+- **Message** Text string describing the error condition.
+- **SessionId** Identifier to correlate this component's telemetry with that of others.
+- **Status** NTSTATUS code related to the error.
+- **Volume** Path of the volume on which the error occurs
+
+
+## Surface events
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEvent
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly.
+
+The following fields are available:
+
+- **batteryData** Battery Performance data.
+- **batteryData.data()** Battery performance data.
+- **BatteryDataSize:** Size of the battery performance data.
+- **batteryInfo.data()** Battery performance data.
+- **BatteryInfoSize:** Size of the battery performance data.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **BPMCurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device.
+- **BPMExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?
+- **BPMHvtCountA** Current HVT count for BPM counter A.
+- **BPMHvtCountB** Current HVT count for BPM counter B.
+- **bpmOptOutLifetimeCount** BPM OptOut Lifetime Count.
+- **BPMRsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMTotalEngagedMinutes** Total time that BPM was engaged.
+- **BPMTotalEntryEvents** Total number of times entering BPM.
+- **BPMv4CurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device.
+- **BPMv4ExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?.
+- **BPMv4HvtCountA** Current HVT count for BPM counter A.
+- **BPMv4HvtCountB** Current HVT count for BPM counter B.
+- **BPMv4RsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMv4RsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMv4RsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMv4RsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%.
+- **BPMv4TotalEngagedMinutes** Total time that BPM was engaged.
+- **BPMv4TotalEntryEvents** Total number of times entering BPM.
+- **ComponentId** Component ID.
+- **FwVersion** FW version that created this log.
+- **LogClass** Log Class.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** Log MGR version.
+- **MCUInstance** Instance ID used to identify multiple MCUs in a product.
+- **ProductId** Product ID.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **batteryPresent** Battery present on device.
+- **BPMKioskModeStartDateInSeconds** First time Battery Limit was turned on.
+- **BPMKioskModeTotalEngagedMinutes** Total time Battery Limit was on (SOC value at 50%).
+- **ComponentId** Component ID.
+- **CTTEqvTimeat35C** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC.
+- **CTTEqvTimeat35CinBPM** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up.
+- **CTTMinSOC1day** Rolling 1 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC28day** Rolling 28 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC3day** Rolling 3 day minimum SOC. Value set to 0 initially.
+- **CTTMinSOC7day** Rolling 7 day minimum SOC. Value set to 0 initially.
+- **CTTReduction** Current CTT reduction in mV
+- **CTTStartDateInSeconds** Start date from when device was starting to be used.
+- **currentAuthenticationState** Current Authentication State.
+- **FwVersion** FW version that created this log.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **MCUInstance** Instance ID used to identify multiple MCUs in a product.
+- **newSnFruUpdateCount** New Sn FRU Update Count.
+- **newSnUpdateCount** New Sn Update Count.
+- **ProductId** Product ID.
+- **ProtectionPolicy** Battery limit engaged. True (0 False).
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+- **VoltageOptimization** Current CTT reduction in mV.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **cbTimeCell_Values** cb time for different cells.
+- **ComponentId** Component ID.
+- **cycleCount** Cycle Count.
+- **deltaVoltage** Delta voltage.
+- **eocChargeVoltage_Values** EOC Charge voltage values.
+- **fullChargeCapacity** Full Charge Capacity.
+- **FwVersion** FW version that created this log.
+- **lastCovEvent** Last Cov event.
+- **lastCuvEvent** Last Cuv event.
+- **LogClass** LOG_CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG_MGR_VERSION.
+- **manufacturerName** Manufacturer name.
+- **maxChargeCurrent** Max charge current.
+- **maxDeltaCellVoltage** Max delta cell voltage.
+- **maxDischargeCurrent** Max discharge current.
+- **maxTempCell** Max temp cell.
+- **maxVoltage_Values** Max voltage values.
+- **MCUInstance** Instance ID used to identify multiple MCUs in a product.
+- **minTempCell** Min temp cell.
+- **minVoltage_Values** Min voltage values.
+- **numberOfCovEvents** Number of Cov events.
+- **numberOfCuvEvents** Number of Cuv events.
+- **numberOfOCD1Events** Number of OCD1 events.
+- **numberOfOCD2Events** Number of OCD2 events.
+- **numberOfQmaxUpdates** Number of Qmax updates.
+- **numberOfRaUpdates** Number of Ra updates.
+- **numberOfShutdowns** Number of shutdowns.
+- **pfStatus_Values** pf status values.
+- **ProductId** Product ID.
+- **qmax_Values** Qmax values for different cells.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt
+
+This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **avgCurrLastRun** Average current last run.
+- **avgPowLastRun** Average power last run.
+- **batteryMSPN** BatteryMSPN
+- **batteryMSSN** BatteryMSSN.
+- **cell0Ra3** Cell0Ra3.
+- **cell1Ra3** Cell1Ra3.
+- **cell2Ra3** Cell2Ra3.
+- **cell3Ra3** Cell3Ra3.
+- **ComponentId** Component ID.
+- **currentAtEoc** Current at Eoc.
+- **firstPFstatusA** First PF status-A.
+- **firstPFstatusB** First PF status-B.
+- **firstPFstatusC** First PF status-C.
+- **firstPFstatusD** First PF status-D.
+- **FwVersion** FW version that created this log.
+- **lastQmaxUpdate** Last Qmax update.
+- **lastRaDisable** Last Ra disable.
+- **lastRaUpdate** Last Ra update.
+- **lastValidChargeTerm** Last valid charge term.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **maxAvgCurrLastRun** Max average current last run.
+- **maxAvgPowLastRun** Max average power last run.
+- **MCUInstance** Instance ID used to identify multiple MCUs in a product.
+- **mfgInfoBlockB01** MFG info Block B01.
+- **mfgInfoBlockB02** MFG info Block B02.
+- **mfgInfoBlockB03** MFG info Block B03.
+- **mfgInfoBlockB04** MFG info Block B04.
+- **numOfRaDisable** Number of Ra disable.
+- **numOfValidChargeTerm** Number of valid charge term.
+- **ProductId** Product ID.
+- **qmaxCycleCount** Qmax cycle count.
+- **SeqNum** Sequence Number.
+- **stateOfHealthEnergy** State of health energy.
+- **stateOfHealthFcc** State of health Fcc.
+- **stateOfHealthPercent** State of health percent.
+- **TimeStamp** UTC seconds when log was created.
+- **totalFwRuntime** Total FW runtime.
+- **updateStatus** Update status.
+- **Ver** Schema version.
+
+
+### Microsoft.Surface.Battery.Prod.BatteryInfoEventV3
+
+Hardware level data about battery performance.
+
+The following fields are available:
+
+- **BatteryTelemetry** Hardware Level Data about battery performance.
+- **ComponentId** Component ID.
+- **FwVersion** FW version that created this log.
+- **LogClass** LOG CLASS.
+- **LogInstance** Log instance within class (1..n).
+- **LogVersion** LOG MGR VERSION.
+- **MCUInstance** Instance ID used to identify multiple MCUs in a product.
+- **ProductId** ProductId ID.
+- **SeqNum** Sequence Number.
+- **TimeStamp** UTC seconds when log was created.
+- **Ver** Schema version.
+
+
+## Update Assistant events
+
+### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed
+
+This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (that is, reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **activeProcesses** Number of active processes.
+- **atleastOneMitigationSucceeded** Bool flag indicating if at least one mitigation succeeded.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
+- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
+- **countDownloadedPayload** Count instances of payload downloaded.
+- **description** Description of failure.
+- **devicePreference** Recommended Troubleshooting Setting on the device.
+- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
+- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
+- **executionHR** HR code of the execution of the mitigation.
+- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option.
+- **exitCode** Exit code of the execution of the mitigation.
+- **experimentFeatureId** Experiment feature ID.
+- **experimentFeatureState** Config state of the experiment.
+- **hr** HRESULT for error code.
+- **isActiveSessionPresent** If an active user session is present on the device.
+- **isCriticalMitigationAvailable** If a critical mitigation is available to this device.
+- **isFilteringSuccessful** If the filtering operation was successful.
+- **isReApply** reApply status for the mitigation.
+- **mitigationId** ID value of the mitigation.
+- **mitigationProcessCycleTime** Process cycle time used by the mitigation.
+- **mitigationRequestWithCompressionFailed** Boolean flag indicating if HTTP request with compression failed for this device.
+- **mitigationServiceResultFetched** Boolean flag indicating if mitigation details were fetched from the admin service.
+- **mitigationVersion** String indicating version of the mitigation.
+- **oneSettingsMetadataParsed** If OneSettings metadata was parsed successfully.
+- **oneSettingsSchemaVersion** Schema version used by the OneSettings parser.
+- **onlyNoOptMitigationsPresent** Checks if all mitigations were no opt.
+- **parsedOneSettingsFile** Indicates if OneSettings parsing was successful.
+- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
+- **SessionId** Random GUID used for grouping events in a session.
+- **subType** Error type.
+- **totalKernelTime** Total kernel time used by the mitigation.
+- **totalNumberOfApplicableMitigations** Total number of applicable mitigations.
+- **totalProcesses** Total number of processes assigned to the job object.
+- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object.
+- **totalUserTime** Total user mode time used by the job object.
+
+
+### Microsoft.Windows.RecommendedTroubleshootingService.MitigationSucceeded
+
+This event is raised after an executable delivered by Mitigation Service has successfully run. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. The data collected with this event is used to keep Windows performing properly.
+
+The following fields are available:
+
+- **activeProcesses** Number of active processes.
+- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter.
+- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service.
+- **devicePreference** Recommended troubleshooting setting on the device.
+- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe.
+- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab.
+- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option.
+- **exitCode** Exit code of the execution of the mitigation.
+- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (that is, ProblemNotFound).
+- **experimentFeatureId** Experiment feature ID.
+- **experimentFeatureState** Feature state for the experiment.
+- **mitigationId** ID value of the mitigation.
+- **mitigationProcessCycleTime** Process cycle time used by the mitigation.
+- **mitigationVersion** String indicating version of the mitigation.
+- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter.
+- **SessionId** Random GUID used for grouping events in a session.
+- **totalKernelTime** Total kernel time used by the mitigation.
+- **totalProcesses** Total number of processes assigned to the job object.
+- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object.
+- **totalUserTime** Total user mode time used by the job object.
+
+
+## Update events
+
+### Update360Telemetry.FellBackToDownloadingAllPackageFiles
+
+This event indicates whether a failure occurred during Missing File List generation and is applicable to Quality Update downloads.
+
+The following fields are available:
+
+- **ErrorCode** Error code returned during Missing File List generation.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique ID for each flight.
+- **Package** Name of the package for which Missing File List generation failed and we fell back to downloading all package files.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentCommit
+
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CancelRequested** Boolean that indicates whether cancel was requested.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentPostRebootResult
+
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current post reboot phase.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PostRebootResult** Indicates the Hresult.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **RollbackFailureReason** Indicates the cause of the rollback.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **UpdateOutputState** A numeric value indicating the state of the update at the time of reboot.
+
+
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
+## Windows Hardware Error Architecture events
+
+### WheaProvider.WheaDriverErrorExternal
+
+This event is sent when a common platform hardware error is recorded by an external WHEA error source driver. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **creatorId** A GUID that identifies the entity that created the error record.
+- **errorFlags** Flags set on the error record.
+- **notifyType** A GUID that identifies the notification mechanism by which an error condition is reported to the operating system.
+- **partitionId** A GUID that identifies the partition on which the hardware error occurred.
+- **platformId** A GUID that identifies the platform on which the hardware error occurred.
+- **record** A binary blob containing the full error record. Due to the nature of common platform error records we have no way of fully parsing this blob for any given record.
+- **recordId** The identifier of the error record. This identifier is unique only on the system that created the error record.
+- **sectionFlags** The flags for each section recorded in the error record.
+- **sectionTypes** A GUID that represents the type of sections contained in the error record.
+- **severityCount** The severity of each individual section.
+- **timeStamp** Error time stamp as recorded in the error record.
+
+
+### WheaProvider.WheaDriverExternalLogginLimitReached
+
+This event indicates that WHEA has reached the logging limit for critical events from external drivers. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **timeStamp** Time at which the logging limit was reached.
+
+
+## Windows Store events
+
+### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
+
+This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The Item Bundle ID.
+- **CategoryId** The Item Category ID.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Was this a mandatory update?
+- **IsRemediation** Was this a remediation install?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Flag indicating if this is an update.
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The product family name of the product being installed.
+- **ProductId** The identity of the package or packages being installed.
+- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled.
+- **UserAttemptNumber** The total number of user attempts at installation before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginAcquireLicense
+
+During App Installs and updates, a license is acquired to ensure the app/machine has an entitlement to the app.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed.
+- **AttemptNumber** Total number of install attempts before this operation.
+- **BundleId** The identity of the flight associated with this product.
+- **CategoryId** The identity of the package(s) being installed.
+- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app).
+- **IsBundle** The identity of the app that initiated this operation.
+- **IsInteractive** True if this operation was requested by a user.
+- **IsMandatory** True if this is a mandatory update.
+- **IsRemediation** True if this install is repairing a previous install.
+- **IsRestore** True when automatically restoring a previously acquired product.
+- **IsUpdate** True if this is a product update.
+- **ParentBundleId** The Product ID of the parent if this product is part of a bundle.
+- **PFN** Product Family Name of this product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation.
+- **UserAttemptNumber** Total number of user attempts to install before cancellation.
+- **WUContentId** Licensing identity of this package.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginDownload
+
+This event is fired during the app update or install process when actual bits are being downloaded, this particular event is fired at the beginning of the process to indicate a state change to "Downloading". StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed.
+- **AttemptNumber** Total number of install attempts before this operation.
+- **BundleId** The identity of the flight associated with this product.
+- **CategoryId** The identity of the package(s) being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** True if this is a bundle.
+- **IsInteractive** True if this operation was requested by a user.
+- **IsMandatory** True if this is a mandatory update.
+- **IsRemediation** True if this install is repairing a previous install.
+- **IsRestore** True when automatically restoring a previously acquired product.
+- **IsUpdate** True if this is a product update.
+- **ParentBundleId** The product ID of the parent if this product is part of a bundle.
+- **PFN** Product Family Name of app being downloaded.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation.
+- **UserAttemptNumber** Total number of user attempts to install before cancellation.
+- **WUContentId** NLicensing identity of this package.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginGetFreeEntitlement
+
+Tracks the beginning of the call to get a free app entitlement.
+
+The following fields are available:
+
+- **CampaignId** Marketing Campaign Identifier.
+- **StoreId** App Store Catalog Id.
+- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall
+
+This event is fired near the end stage of a new app install or update after the bits have been downloaded. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed.
+- **AttemptNumber** Total number of install attempts before this operation.
+- **BundleId** The identity of the flight associated with this product.
+- **CategoryId** The identity of the package(s) being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** True if this is a bundle.
+- **IsInteractive** True if this operation was requested by a user.
+- **IsMandatory** True if this is a mandatory update.
+- **IsRemediation** True if this install is repairing a previous install.
+- **IsRestore** True when automatically restoring a previously acquired product.
+- **IsUpdate** True if this is a product update.
+- **ParentBundleId** The product ID of the parent if this product is part of a bundle.
+- **PFN** The name(s) of the package(s) requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** Total number of automatic attempts to install.
+- **UserAttemptNumber** Total number of user attempts to install.
+- **WUContentId** Licensing identity of this package.
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginSearchUpdatePackages
+
+This event is fired when looking for app updates.
+
+The following fields are available:
+
+- **AttemptNumber** Total number of install attempts before this operation.
+- **BundleId** The identity of the flight associated with this product.
+- **CategoryId** The identity of the package(s) being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** True if this is a bundle.
+- **IsInteractive** True if this operation was requested by a user.
+- **IsMandatory** True if this is a mandatory update.
+- **IsRemediation** True if this install is repairing a previous install.
+- **IsRestore** True when automatically restoring a previously acquired product.
+- **IsUpdate** True if this is a product update.
+- **ParentBundleId** The product ID of the parent if this product is part of a bundle.
+- **PFN** The name(s) of the package(s) requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** Total number of automatic attempts to install.
+- **UserAttemptNumber** Total number of user attempts to install.
+- **WUContentId** Licensing identity of this package.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BlockLowPriorityWorkItems
+
+This event is fired when the BlockLowPriorityWorkItems method is called, stopping the queue from installing LowPriority work items.
+
+The following fields are available:
+
+- **ClientId** Client ID of the caller.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
+
+This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed.
+- **AttemptNumber** Total number of installation attempts.
+- **BundleId** The identity of the Windows Insider build that is associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this an automatic restore of a previously acquired product?
+- **IsUpdate** Is this a product update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of all packages to be downloaded and installed.
+- **PreviousHResult** The previous HResult code.
+- **PreviousInstallState** Previous installation state before it was canceled.
+- **ProductId** The name of the package or packages requested for installation.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled.
+- **UserAttemptNumber** Total number of user attempts to install before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
+
+This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
+- **AttemptNumber** The total number of attempts to acquire this product.
+- **BundleId** The bundle ID
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** HResult code to show the result of the operation (success/failure).
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Did the user initiate the installation?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this happening after a device restore?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
+- **UserAttemptNumber** The number of attempts by the user to acquire this product
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
+
+This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The identity of the Windows Insider build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **DownloadSize** The total size of the download.
+- **ExtendedHResult** Any extended HResult error codes.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this initiated by the user?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this a restore of a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** The Product Family Name of the app being download.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to download.
+- **UserAttemptNumber** The number of attempts by the user to download.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
+
+This event is sent when an app update requires an updated Framework package and the process starts to download it. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndGetFreeEntitlement
+
+Telemetry is fired at the end of the call to request a free app entitlement, which will make a server call to get the entitlement.
+
+The following fields are available:
+
+- **CampaignId** Campaign marketing Id.
+- **HResult** Error result.
+- **StoreId** Store Catalog Id of item requesting ownership.
+- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
+
+This event is sent after a product has been installed to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **ExtendedHResult** The extended HResult error code.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this an interactive installation?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
+
+This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AutoUpdateWorkScheduledWithUOTime** The time when work was first scheduled with UO. Value deleted when UO calls UnblockLowPriorityWorkItems.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsApplicability** Is this request to only check if there are any applicable packages to install?
+- **IsInteractive** Is this user requested?
+- **IsOnline** Is the request doing an online check?
+- **NumberOfApplicableUpdates** The number of packages returned by this operation.
+- **PFN** The PackageFullName of the app currently installed on the machine. This operation is scanning for an update for this app. Value will be empty if operation is scanning for updates for more than one app.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
+
+This event is sent after searching for update packages to install. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
+
+This event is sent after restoring user data (if any) that needs to be restored following a product install. It's used to keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of system attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
+
+This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FailedRetry** Indicates whether the installation or update retry was successful.
+- **HResult** The HResult code of the operation.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
+
+This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **InstalledPFuN** Package Full Name of the app that is installed and will be updated.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **PluginWorkCreationHr** Resulting HResult error/success code from plugin work creation.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
+
+This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **BundleId** The identity of the build associated with this product.
+- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specific edition ID being installed.
+- **VolumePath** The disk path of the installation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.InstallRequestReceived
+
+This event is sent when a product install request is received by AppInstallManager.
+
+The following fields are available:
+
+- **ClientId** Client ID of the caller.
+- **StoreId** The Store ID for the product being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
+
+This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The Product Full Name.
+- **PreviousHResult** The result code of the last action performed before this operation.
+- **PreviousInstallState** Previous state before the installation or update was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.QueueStuckError
+
+This event indicates that the Install Queue is in a stuck state.
+
+The following fields are available:
+
+- **ItemLifetimeInSeconds** The amount of time elapsed since the item had been created in seconds at the time of the error.
+- **OpenSlots** The number of open slots in the queue at the time of the error.
+- **PendingItems** The number of pending items in the queue at the time of the error.
+- **QueueItems** The number of items in the queue at the time of the error.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.RestoreDeviceMetrics
+
+This event provides an informational summary of the apps returned from the restorable apps data store.
+
+The following fields are available:
+
+- **DeferredAppIds** The number of backed-up apps that will be auto-installed at an optimal time for the machine, determined by the policies of a Windows component called the Universal Orchestrator.
+- **DelayedAppIds** The number of backed-up apps that will be auto-installed one hour after device setup.
+- **NumBackupApps** The number of apps returned from the restorable apps data store.
+- **NumCompatibleApps** The number of backed-up apps reported by compatibility service to be compatible.
+- **NumIncompatibleApps** The number of backed-up apps reported by compatibility service to be incompatible.
+- **NumProcessedBackupApps** The number of backed-up apps for which we have instructed AppRestore Service to create a placeholder.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.RestoreError
+
+This event indicates a blocking error occurred during the restore compatibility check.
+
+The following fields are available:
+
+- **ErrorCode** The error code associated with the error.
+- **ErrorLocation** The location of the error.
+- **ErrorMessage** The message associated with the error.
+- **ErrorMethod** The method the error occurred in.
+- **ErrorName** The name of the error.
+- **ErrorType** The type of the error.
+- **LineNumber** The line number the error occurred on.
+- **Severity** The severity level of the error.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
+
+This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **IsUserRetry** Did the user initiate the retry?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **PreviousHResult** The previous HResult error code.
+- **PreviousInstallState** Previous state before the installation was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector for the original install before it was resumed.
+- **ResumeClientId** The ID of the app that initiated the resume operation.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
+
+This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ProductId** The Store Product ID for the product being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ScheduleWorkWithUO
+
+This event is fired when we schedule installs and/or updates with UO.
+
+The following fields are available:
+
+- **ClientId** Client ID of the caller.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
+
+This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Catalog ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specific edition of the app being updated.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
+
+Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there's a change in a product's fulfillment status (pending, working, paused, canceled, or complete), to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **HResult** The resulting HResult error/success code of this operation.
+- **NewState** The current fulfillment state of this product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state).
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **Prevstate** The previous fulfillment state of this product.
+- **ProductId** Product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.UnblockLowPriorityWorkItems
+
+This event is fired when the UnblockLowPriorityWorkItems method is called, changing the state of all LowPriority work items to working if AutoUpdateState is enabled.
+
+The following fields are available:
+
+- **ClientId** Client ID of the caller.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
+
+This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **PFamN** The name of the app that is requested for update.
+
+
+## Windows Update Delivery Optimization events
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
+
+This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download being done in the background?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLedbat** The number of bytes received from a source using an Ledbat enabled connection.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller.
+- **reasonCode** Reason the action or event occurred.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the file download session.
+- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds.
+- **totalTimeMs** The duration of the download, in milliseconds.
+- **updateID** The ID of the update being downloaded.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
+
+This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
+- **bytesFromLedbat** The number of bytes received from source using an Ledbat enabled connection.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **bytesRequested** The total number of bytes requested for download.
+- **cacheServerConnectionCount** Number of connections made to cache hosts.
+- **cdnConnectionCount** The total number of connections made to the CDN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP address of the source CDN.
+- **cdnUrl** Url of the source Content Distribution Network (CDN).
+- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion.
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
+- **downlinkUsageBps** The download speed (in bytes per second).
+- **downloadMode** The download mode used for this file download session.
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
+- **fileID** The ID of the file being downloaded.
+- **fileSize** The size of the file being downloaded.
+- **groupConnectionCount** The total number of connections made to peers in the same group.
+- **groupID** A GUID representing a custom group of devices.
+- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
+- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
+- **isThrottled** Event Rate throttled (event represents aggregated data).
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **lanConnectionCount** The total number of connections made to peers in the same LAN.
+- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network.
+- **numPeers** The total number of peers used for this download.
+- **numPeersLocal** The total number of local peers used for this download.
+- **predefinedCallerName** The name of the API Caller.
+- **restrictedUpload** Is the upload restricted?
+- **routeToCacheServer** The cache server setting, source, and value.
+- **rttMs** Min, Max, Avg round-trip time to the source.
+- **rttRLedbatMs** Min, Max, Avg round-trip time to a Ledbat enabled source.
+- **sessionID** The ID of the download session.
+- **sessionTimeMs** The duration of the session, in milliseconds.
+- **totalTimeMs** Duration of the download (in seconds).
+- **updateID** The ID of the update being downloaded.
+- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
+- **uplinkUsageBps** The upload speed (in bytes per second).
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
+
+This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being paused.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller object.
+- **reasonCode** The reason for pausing the download.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds.
+- **totalTimeMs** The duration of the download, in milliseconds.
+- **updateID** The ID of the update being paused.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
+
+This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **background** Indicates whether the download is happening in the background.
+- **bytesRequested** Number of bytes requested for the download.
+- **callerAppPackageName** The caller app package name.
+- **cdnUrl** The URL of the source Content Distribution Network (CDN).
+- **costFlags** A set of flags representing network cost.
+- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
+- **diceRoll** Random number used for determining if a client will use peering.
+- **doClientVersion** The version of the Delivery Optimization client.
+- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **errorCode** The error code that was returned.
+- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
+- **fileID** The ID of the file being downloaded.
+- **filePath** The path to where the downloaded file will be written.
+- **fileSize** Total file size of the file that was downloaded.
+- **fileSizeCaller** Value for total file size provided by our caller.
+- **groupID** ID for the group.
+- **isEncrypted** Indicates whether the download is encrypted.
+- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data).
+- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
+- **jobID** The ID of the Windows Update job.
+- **peerID** The ID for this delivery optimization client.
+- **predefinedCallerName** Name of the API caller.
+- **routeToCacheServer** Cache server setting, source, and value.
+- **sessionID** The ID for the file download session.
+- **setConfigs** A JSON representation of the configurations that have been set, and their sources.
+- **updateID** The ID of the update being downloaded.
+- **UusVersion** The version of the undocked update stack.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
+
+## Windows Update events
+
+### Microsoft.Windows.Update.Aggregator.UusCoreHealth.HealthAggregatorSummary
+
+This event is a summary of UUS health indicators.
+
+The following fields are available:
+
+- **Fallback** Failover information.
+- **FlightId** Payload that is being sent.
+- **IsStable** Boolean if the payload is in image.
+- **Lock** Lock identifier.
+- **UpdateId** Update identifier.
+- **UusVersion** Version of the undocked payload.
+- **VersionActivationsSinceLastBoot** Number of activations since last reboot.
+
+
+### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize
+
+This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **errorCode** The error code returned for the current session initialization.
+- **flightId** The unique identifier for each flight.
+- **flightMetadata** Contains the FlightId and the build being flighted.
+- **objectId** Unique value for each Update Agent mode.
+- **relatedCV** Correlation vector value generated from the latest USO scan.
+- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **sessionId** Unique value for each Update Agent mode attempt.
+- **updateId** Unique ID for each update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.AppUpdateInstallResult
+
+This event reports installation result details of expedited apps.
+
+The following fields are available:
+
+- **Completed** Whether the installation completed.
+- **DeploymentAttempted** Whether the deployment was attempted.
+- **DeploymentErrorCode** The error code resulting from the deployment attempt.
+- **DeploymentExtendedErrorCode** The extended error code resulting from the deployment attempt.
+- **InstallFailureReason** On failure, the InstallFailureReason reported.
+- **OperationStatus** OperationStatus result reported by the installation attempt.
+- **Succeeded** Whether the installation succeeded.
+- **updaterId** The UpdaterId associated with this expedited app.
+- **UusVersion** The version of the UUS stack currently active.
+- **VelocityEnabled** Whether the velocity tag for the expedited app is enabled.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallAlreadyRunning
+
+This event indicates that another instance is currently attempting to install business critical store updates.
+
+The following fields are available:
+
+- **UusVersion** The version of the UUS Stack currently active.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult
+
+This event returns the result after installing a business critical store application. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **AppInstallState** The application installation state.
+- **HRESULT** The result code (HResult) of the install.
+- **PFN** The package family name of the package being installed.
+- **updaterId** The Id of the updater.
+- **UusVersion** The version of the UUS stack currently active.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.EdgeUpdateResult
+
+This event sends data indicating the result of invoking the edge updater. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **ExitCode** The exit code that was returned.
+- **HRESULT** The result code (HResult) of the operation.
+- **UusVersion** The version of the UUS stack currently active.
+- **VelocityEnabled** A flag that indicates if velocity is enabled.
+- **WorkCompleted** A flag that indicates if work is completed.
+
+
+### Microsoft.Windows.Update.Orchestrator.Client.MACUpdateInstallResult
+
+This event reports the installation result details of the MACUpdate expedited application.
+
+The following fields are available:
+
+- **Completed** Indicates whether the installation is complete.
+- **DeploymentAttempted** Whether the deployment was attempted.
+- **DeploymentErrorCode** The error code resulting from the deployment attempt.
+- **DeploymentExtendedErrorCode** The extended error code resulting from the deployment attempt.
+- **InstallFailureReason** Indicates the reason an install failed.
+- **IsRetriableError** Indications whether the error is retriable.
+- **OperationStatus** Returns the operation status result reported by the installation attempt.
+- **Succeeded** Indicates whether the installation succeeded.
+- **UusVersion** The version of the UUS stack currently active.
+- **VelocityEnabled** Indicates whether the velocity tag for MACUpdate is enabled.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
+
+This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **configuredPoliciescount** Number of policies on the device.
+- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM, or flight).
+- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option.
+- **UusVersion** Active version of UUS.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted
+
+Indicates that EULA for an update has been accepted.
+
+The following fields are available:
+
+- **HRESULT** Was the EULA acceptance successful.
+- **publisherIntent** Publisher Intent ID associated with the update.
+- **reason** Reason for EULA acceptance.
+- **update** Update for which EULA has been accepted.
+- **UusVersion** The version of the UUS stack currently active.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved
+
+This event signifies an update being approved around the OOBE time period. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **approved** Flag to determine if it's approved or not.
+- **provider** The provider related to which the update is approved.
+- **publisherIntent** The publisher intent of the Update.
+- **update** Additional information about the Update.
+- **UusVersion** The version of the UUS Stack currently active.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.SetIpuMode
+
+This event indicates that a provider is setting the inplace upgrade mode.
+
+The following fields are available:
+
+- **flightId** Flight Identifier.
+- **mode** The value being set.
+- **provider** The provider that is getting the value.
+- **reason** The reason the value is being set.
+- **uniqueId** Update Identifier.
+- **UusVersion** The version of the UUS Stack currently active.
+
+
+### Microsoft.Windows.Update.Orchestrator.Worker.UpdateActionCritical
+
+This event informs the update related action being performed around the OOBE timeframe. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **action** The type of action being performed (Install or download etc.).
+- **connectivity** Informs if the device is connected to network while this action is performed.
+- **freeDiskSpaceInMB** Amount of free disk space.
+- **freeDiskSpaceInMBDelta** Amount of free disk space.
+- **interactive** Informs if this action is caused due to user interaction.
+- **nextAction** Next action to be performed.
+- **priority** The CPU and IO priority this action is being performed on.
+- **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.).
+- **publisherIntent** ID for the metadata associated with the update.
+- **scenario** The result of the action being performed.
+- **update** Update related metadata including UpdateId.
+- **uptimeMinutes** Duration USO for up for in the current boot session.
+- **uptimeMinutesDelta** The change in device uptime while this action was performed.
+- **UusVersion** The version of the UUS stack currently active.
+- **wilActivity** Wil Activity related information.
+
+### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted
+
+Scan event for Server Initiated Healing client.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded.
+- **UusVersion** UUS version.
+- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+
+
+### Microsoft.Windows.Update.SIHClient.CheckForUpdatesSucceeded
+
+Scan event for Server Initiated Healing client
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CachedEngineVersion** The engine DLL version that is being used.
+- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Launch event for Server Initiated Healing client.
+- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded.
+- **UusVersion** Active UUS Version.
+- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+
+
+### Microsoft.Windows.Update.SIHClient.DownloadSucceeded
+
+Download process event for target update on SIH Client.
+
+The following fields are available:
+
+- **CachedEngineVersion** Version of the Cache Engine.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **DownloadType** Type of Download.
+- **EventInstanceID** ID of the Event Instance being fired.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **TargetMetadataVersion** Version of the Metadata which is being targeted for an update.
+- **UpdateID** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+- **WUDeviceID** Global Device ID utilized to identify Device.
+
+
+### Microsoft.Windows.Update.SIHClient.TaskRunCompleted
+
+This event is a launch event for Server Initiated Healing client.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UusVersion** The version of the Update Undocked Stack.
+- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+
+
+### Microsoft.Windows.Update.SIHClient.TaskRunStarted
+
+This event is a launch event for Server Initiated Healing client.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UusVersion** The version of the Update Undocked Stack.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Undocked.Brain.ActiveVersionUpdated
+
+This event gets fired when the active version of the Undocked Update Stack is being updated/
+
+The following fields are available:
+
+- **Fallback** Initiated Process.
+- **FlightID** FlightID associated.
+- **Lock** Lock Group Name.
+- **MinutesSinceInstall** Time to complete process.
+- **Stable** Is VersionActive from stable.
+- **UpdateID** Update identifier.
+- **VersionActive** The now active version of the UUS stack.
+- **VersionPrevious** The previous active version of the UUS stack.
+
+
+### Microsoft.Windows.Update.Undocked.Brain.FailoverVersionExcluded
+
+This event indicates Failover tried to exclude an UUS Version.
+
+The following fields are available:
+
+- **AlreadyExcluded** Boolean.
+- **Exception** The exception encountered during exclusion.
+- **ExclusionReason** Reason for the exclusion.
+- **Success** Success or failure indicator.
+- **VerFailover** The actual UUS Version that failover was running for.
+
+
+### Microsoft.Windows.Update.Undocked.UpdateAgent.DownloadRequest
+
+Download request for undocked update agent
+
+The following fields are available:
+
+- **errorCode** Error code.
+- **flightId** FlightID of the package.
+- **rangeRequestState** State of request for download range.
+- **relatedCV** CV for telemetry mapping.
+- **result** Result code.
+- **sessionId** Logging identification.
+- **updateId** Identifier for payload.
+- **uusVersion** Version of the UUS stack being installed.
+
+
+### Microsoft.Windows.Update.Undocked.UpdateAgent.Initialize
+
+Initialization event of undocked update agent.
+
+The following fields are available:
+
+- **errorCode** Error code.
+- **flightId** FlightID of the package.
+- **flightMetadata** Metadata.
+- **relatedCV** CV for telemetry mapping.
+- **result** Result code.
+- **sessionData** Additional logging.
+- **sessionId** Logging identification.
+- **updateId** Identifier for payload.
+- **uusVersion** Version of the UUS stack being installed.
+
+
+### Microsoft.Windows.Update.Undocked.UpdateAgent.Install
+
+Install event of undocked update agent.
+
+The following fields are available:
+
+- **errorCode** Error code.
+- **flightId** FlightID of the package.
+- **folderExists** Boolean.
+- **packageNewer** version of newer package.
+- **relatedCV** CV for telemetry mapping.
+- **result** Result code.
+- **retryCount** result count.
+- **sessionId** Logging identification.
+- **updateId** Identifier for payload.
+- **uusVersion** Version of the UUS stack being installed.
+
+
+### Microsoft.Windows.Update.Undocked.UpdateAgent.ModeStart
+
+Undocked update agent mode start event.
+
+The following fields are available:
+
+- **flightId** FlightID of the package.
+- **mode** Install or Download mode.
+- **relatedCV** CV for telemetry mapping.
+- **sessionId** Logging identification.
+- **updateId** Identifier for payload.
+- **uusVersion** Version of the UUS stack being installed.
+
+
+### Microsoft.Windows.Update.Undocked.UpdateAgent.Payload
+
+Payload event of undocked update agent.
+
+The following fields are available:
+
+- **errorCode** Error code.
+- **fileCount** Number of files to download.
+- **flightId** FlightID of the package.
+- **mode** Install or Download mode.
+- **relatedCV** CV for telemetry mapping.
+- **result** Result code.
+- **sessionId** Logging identification.
+- **updateId** Identifier for payload.
+- **uusVersion** Version of the UUS stack being installed.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled
+
+This event checks for updates canceled on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download.
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesFailed
+
+This event checks for failed updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **FailedUpdateInfo** Information about the update failure.
+- **HandlerInfo** Blob of Handler related information.
+- **HandlerType** Name of Handler.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download.
+- **Props** A bitmask for additional flags associated with the Windows Update request (IsInteractive, IsSeeker, AllowCachedResults, DriverSyncPassPerformed, IPv4, IPv6, Online, ExtendedMetadataIncl, WUfb).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult.).
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UusVersion** Active UUSVersion.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesRetry
+
+This event checks for update retries on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesScanInitFailed
+
+This event checks for failed update initializations on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was.
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UusVersion** Active UUS version.
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesServiceRegistrationFailed
+
+This event checks for updates for failed service registrations the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition.
+- **CallerName** For drivers targeted to a specific device model, this is the version release of the drivers being distributed to the device.
+- **Context** Context of failure.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced.
+- **NumFailedMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced download.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was.
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.CheckForUpdatesSucceeded
+
+This event checks for successful updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AADDeviceTicketInfo** Identifies result of AAD Device Token Acquisition.
+- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **HandlerInfo** HandlerInfo Blob.
+- **HandlerType** HandlerType blob.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete.
+- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced.
+- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download.
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceUrl** Environment URL for which a device is configured to scan.
+- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync).
+- **UusVersion** Active UUS version.
+- **WUFBInfo** WufBinfoBlob.
+
+
+### Microsoft.Windows.Update.WUClient.CommitFailed
+
+This event checks for failed commits on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.CommitStarted
+
+This event tracks the commit started event on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Current active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.CommitSucceeded
+
+This event is used to track the commit succeeded process, after the update installation, when the software update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc.
+- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **HandlerType** The specific ID of the flight the device is getting.
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadCanceled
+
+This event tracks the download canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadStartTimeUTC** Download start time to measure the length of the session.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerInfo** HandlerInfo Blob.
+- **HandlerType** HandlerType Blob.
+- **HostName** Identifies the hostname.
+- **NetworkCost** Identifies the network cost.
+- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
+- **Props** A bitmask for additional flags associated with the download request.
+- **Reason** Cancel reason information.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadFailed
+
+This event tracks the download failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Name of application making the Windows Update request. Used to identify context of request.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Provides context about distribution stack for reporting.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **DownloadStartTimeUTC** Start time to measure length of session.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerInfo** HandlerInfo Blob.
+- **HandlerType** HandlerType Blob.
+- **HostName** Identifies the hostname.
+- **NetworkCost** Identifies the network cost.
+- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted.
+- **Props** Commit Props (MergedUpdate).
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadPaused
+
+This event is fired when the Download stage is paused.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **HandlerInfo** Blob of Handler related information.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate)
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadQueued
+
+This event tracks the download queued event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerInfo** Blob of Handler related information.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate)
+- **QueuedReason** The reason in which a download has been queued.
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClient.DownloadResumed
+
+This event is fired when the Download of content is continued from a pause state.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **DownloadPriority** Indicates the priority of the download activity.
+- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
+- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **HandlerInfo** Blob of Handler related information.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate)
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClient.InstallCanceled
+
+This event tracks the install canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive)
+- **Reason** Install canceled reason.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.InstallFailed
+
+This event tracks the install failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerInfo** Handler specific information.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UndockedComponents** Information about the undocked components.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.InstallRebootPending
+
+This event tracks the install reboot pending event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+### Microsoft.Windows.Update.WUClient.InstallStarted
+
+The event tracks the install started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.InstallSucceeded
+
+The event tracks the successful install event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerInfo** Handler specific datapoints.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UndockedComponents** Information about the undocked components.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.RevertFailed
+
+This event tracks the revert failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Commit Props (MergedUpdate)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClient.RevertStarted
+
+This event tracks the revert started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Revert props (MergedUpdate)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClient.RevertSucceeded
+
+The event tracks the successful revert event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ClassificationId** Classification identifier of the update content.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **Props** Revert props (MergedUpdate)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint
+
+This is a checkpoint event between the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **FileId** Unique identifier for the downloaded file.
+- **FileName** Name of the downloaded file.
+- **FlightId** The specific ID of the flight the device is getting.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat
+
+This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **BytesTotal** Total bytes to transfer for this content.
+- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat.
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat.
+- **CurrentError** Last (transient) error encountered by the active download.
+- **DownloadHBFlags** Flags indicating if power state is ignored.
+- **DownloadState** Current state of the active download for this content (queued, suspended, progressing).
+- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver".
+- **FlightId** The specific ID of the flight the device is getting.
+- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any.
+- **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any.
+- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby).
+- **Props** Commit Props (MergedUpdate)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **ResumeCount** Number of times this active download has resumed from a suspended state.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SuspendCount** Number of times this active download has entered a suspended state.
+- **SuspendReason** Last reason for which this active download has entered suspended state.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed.
+- **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data.
+- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id).
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **RawValidityWindowInDays** Raw unparsed string of validity window in effect when verifying the timestamp.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UusVersion** Active UUS version.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral
+
+Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
+
+The following fields are available:
+
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EndpointUrl** Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.)
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult)
+- **UusVersion** The version of the Update Undocked Stack
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce.
+- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id).
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **RevisionId** Identifies the revision of this specific piece of content.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key.
+- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
+- **SignatureAlgorithm** Hash algorithm for the metadata signature.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed.
+- **UpdateID** String of update ID and version number.
+- **UusVersion** The version of the Update Undocked Stack.
+
+
+### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp
+
+This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date.
+
+The following fields are available:
+
+- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed.
+- **UusVersion** Active UUS Version.
+- **ValidityWindowInDays** Validity window in effect when verifying the timestamp.
+
+
+### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed
+
+This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **ModulePath** Path of the undocked module.
+- **ModuleVersion** Version of the undocked module.
+- **Props** A bitmask for flags associated with loading the undocked module.
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
+- **StatusCode** Result of the undocked module loading operation.
+- **UusSessionID** Unique ID used to create the UUS session.
+- **UusVersion** Active UUS version.
+
+
+## Winlogon events
+
+### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
+
+This event signals the completion of the setup process. It happens only once during the first logon.
\ No newline at end of file
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
index 15649caaf5..8b37f691d4 100644
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -7,7 +7,7 @@ ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
-ms.date: 04/24/2024
+ms.date: 10/01/2024
ms.collection: privacy-windows
ms.topic: reference
---
@@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
@@ -167,7 +168,6 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser binary generating the events.
-
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date.
@@ -438,7 +438,7 @@ The following fields are available:
- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden?
+- **DriverBlockOverridden** Is there a driver block on the device that has been overridden?
- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
@@ -1475,7 +1475,7 @@ The following fields are available:
- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
- **CDJType** Represents the type of cloud domain joined for the machine.
-- **CommercialId** Represents the GUID for the commercial entity that the device is a member of. Will be used to reflect insights back to customers.
+- **CommercialId** Represents the GUID for the commercial entity that the device is a member of. Will be used to reflect insights back to customers.
- **ContainerType** The type of container, such as process or virtual machine hosted.
- **EnrollmentType** Defines the type of MDM enrollment on the device.
- **HashedDomain** The hashed representation of the user domain used for login.
@@ -1490,7 +1490,6 @@ The following fields are available:
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
-
### Census.Firmware
This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date.
@@ -1956,6 +1955,7 @@ The following fields are available:
Fires when HVCI is already enabled so no need to continue auto-enablement.
+
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
Fires when driver scanning fails to get results.
@@ -2197,6 +2197,7 @@ The following fields are available:
- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
- **xid** A list of base10-encoded XBOX User IDs.
+
## Common data fields
### Ms.Device.DeviceInventoryChange
@@ -2212,6 +2213,7 @@ The following fields are available:
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
## Component-based servicing events
### CbsServicingProvider.CbsCapabilityEnumeration
@@ -2985,6 +2987,7 @@ The following fields are available:
- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state.
- **wilActivity** Windows Mixed Reality Portal app wilActivity ID.
+
### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming
This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
@@ -3570,7 +3573,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
+This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -3753,7 +3756,7 @@ This Ping event sends a detailed inventory of software and hardware information
The following fields are available:
- **appAp** Any additional parameters for the specified application. Default: ''.
-- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. See the wiki for additional information. Default: undefined.
+- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined.
- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev).
- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
@@ -3761,13 +3764,13 @@ The following fields are available:
- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. See the wiki for additional information. Default: '-2'.
+- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
- **appLastLaunchTime** The time when browser was last launched.
-- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. See the wiki for additional information. Default: '0.0.0.0'.
+- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country or region code that matches to the country or region updated binaries are delivered from. E.g.: US.
@@ -3781,8 +3784,8 @@ The following fields are available:
- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult** An enum indicating the result of the event. See the wiki for additional information. Default: '0'.
-- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. See the wiki for additional information.
+- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'.
+- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute.
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
@@ -3794,9 +3797,9 @@ The following fields are available:
- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
-- **appVersion** The version of the product install. See the wiki for additional information. Default: '0.0.0.0'.
+- **appVersion** The version of the product install. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **eventType** A string indicating the type of the event. See the wiki for additional information.
+- **eventType** A string indicating the type of the event.
- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
- **hwDiskType** Device’s hardware disk type.
- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'.
@@ -3996,7 +3999,6 @@ The following fields are available:
- **extendedData** GTL extended data section for each app to add its own extensions.
- **timeToActionMs** Time in MS for this Page Action.
-
### Microsoft.Surface.Mcu.Prod.CriticalLog
Error information from Surface device firmware.
@@ -4312,7 +4314,7 @@ The following fields are available:
- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing)
- **EventType** Possible values are "Child", "Bundle", or "Driver"
- **FlightId** The unique identifier for each flight
-- **IsNetworkMetered** Indicates whether Windows considered the current network to be metered"
+- **IsNetworkMetered** Indicates whether Windows considered the current network to be "metered"
- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any
- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any
- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
@@ -6355,7 +6357,7 @@ The following fields are available:
- **flightMetadata** Contains the FlightId and the build being flighted.
- **objectId** Unique value for each Update Agent mode.
- **relatedCV** Correlation vector value generated from the latest USO scan.
-- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled.
+- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled.
- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios).
- **sessionId** Unique value for each Update Agent mode attempt.
@@ -6589,6 +6591,15 @@ The following fields are available:
- **WasPresented** True if the user interaction campaign is displayed to the user.
+### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit
+
+This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly.
+
+The following fields are available:
+
+- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed.
+
+
## Windows Update mitigation events
### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete
@@ -6840,7 +6851,4 @@ The following fields are available:
- **Disposition** The parameter for the hard reserve adjustment function.
- **Flags** The flags passed to the hard reserve adjustment function.
- **PendingHardReserveAdjustment** The final change to the hard reserve size.
-- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
-
-
-
+- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
\ No newline at end of file
diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
index 4fb9beb260..e008b7598b 100644
--- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
+++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
@@ -7,7 +7,7 @@ ms.localizationpriority: high
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
-ms.date: 04/24/2024
+ms.date: 10/01/2024
ms.collection: privacy-windows
ms.topic: reference
---
@@ -31,6 +31,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md)
- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md)
- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
@@ -873,7 +874,7 @@ The following fields are available:
- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
-- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden?
+- **DriverBlockOverridden** Is there a driver block on the device that has been overridden?
- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
@@ -2476,7 +2477,8 @@ Fires when the compatibility check completes. Gives the results from the check.
The following fields are available:
- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false.
-- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement).
+- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement).
+
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled
@@ -4334,6 +4336,7 @@ The following fields are available:
- **InventoryVersion** The version of the inventory binary generating the events.
+
### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd
This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date.
@@ -4608,6 +4611,7 @@ The following fields are available:
- **InventoryVersion** The version of the inventory file generating the events.
+
### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows.
@@ -4858,7 +4862,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
-This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly.
+This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
@@ -5148,7 +5152,7 @@ This Ping event sends a detailed inventory of software and hardware information
The following fields are available:
- **appAp** Any additional parameters for the specified application. Default: ''.
-- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined.
+- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined.
- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''.
- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev).
- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''.
@@ -5156,13 +5160,13 @@ The following fields are available:
- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''.
- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited.
-- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'.
+- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'.
- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''.
- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'.
- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'.
- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''.
- **appLastLaunchTime** The time when browser was last launched.
-- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply.
- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z.
@@ -5180,8 +5184,8 @@ The following fields are available:
- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''.
- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'.
-- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'.
-- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information.
+- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'.
+- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute.
- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'.
- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'.
- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'.
@@ -5195,9 +5199,9 @@ The following fields are available:
- **appUpdateCheckTargetChannel** Check for status showing the target release channel.
- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''.
- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''.
-- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'.
+- **appVersion** The version of the product install. Default: '0.0.0.0'.
- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full.
-- **eventType** A string indicating the type of the event. Please see the wiki for additional information.
+- **eventType** A string indicating the type of the event.
- **expDeviceId** A non-unique resettable device ID to identify a device in experimentation.
- **expEtag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only.
@@ -5618,6 +5622,7 @@ The following fields are available:
- **criticalLogSize** Log size
- **CUtility::GetTargetNameA(target)** Product identifier.
- **productId** Product identifier
+- **SurfaceTelemetry_EventType** Required vs. Optional event
- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure.
@@ -5639,6 +5644,7 @@ This event sends information about the Operating System image name to Microsoft.
The following fields are available:
+- **SurfaceTelemetry_EventType** Required vs. Optional event
- **szOsImageName** This is the image name that is running on the device.
@@ -5691,6 +5697,7 @@ The following fields are available:
- **UpdateType** Indicates if it's DB or DBX update
- **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed
+
### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted
Event that indicates secure boot update has started.
@@ -5746,9 +5753,7 @@ The following fields are available:
- **touchKeyboardDesktop** Touch keyboard desktop
- **touchKeyboardTablet** Touch keyboard tablet
- **triggerType** Trigger type
-- **usePowershell** Use PowerShell
-
-
+- **usePowershell** Use PowerShell.
## Privacy consent logging events
@@ -6558,8 +6563,9 @@ The following fields are available:
- **CUtility::GetTargetNameA(Target)** Sub component name.
- **HealthLog** Health indicator log.
- **healthLogSize** 4KB.
+- **PartA_PrivacyProduct** Product tag
- **productId** Identifier for product model.
-
+- **SurfaceTelemetry_EventType** Required vs. Optional event
### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2
@@ -6568,9 +6574,25 @@ This event sends reason for SAM, PCH and SoC reset. The data collected with this
The following fields are available:
- **ControllerResetCause** The cause for the controller reset.
+- **EcResetCause** EC reset cause.
+- **FaultReset1Cause** Fault 1 reset cause.
+- **FaultReset2Cause** Fault 2 reset cause.
- **HostResetCause** Host reset cause.
+- **OffResetCause** Off reset cause.
+- **OnResetCause** On reset cause.
+- **PartA_PrivacyProduct** Product tag
- **PchResetCause** PCH reset cause.
+- **PoffResetCause** Power Off reset cause.
+- **PonResetCause** Power On reset cause.
+- **S3ResetCause** S3 reset cause.
- **SamResetCause** SAM reset cause.
+- **SamResetCauseExtBacklightState** SAM Reset Display Backlight state.
+- **SamResetCauseExtLastPowerButtonTime** SAM Reset Last Power Button time.
+- **SamResetCauseExtLastSshCommunicationTime** SAM Reset Last SSH Communication time.
+- **SamResetCauseExtPostureStateReason** SAM Reset Last Posture State reason.
+- **SamResetCauseExtRestartReason** SAM Reset Extended Restart reason.
+- **SurfaceTelemetry_EventType** Required vs. Optional event.
+- **WarmResetCause** Warm reset cause.
## Update Assistant events
@@ -10018,7 +10040,4 @@ The following fields are available:
- **videoResolution** Video resolution to use.
- **virtualMachineName** VM name.
- **waitForClientConnection** True if we should wait for client connection.
-- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled.
-
-
-
+- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled.
\ No newline at end of file
diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml
index 9c47130eca..e177a03cd3 100644
--- a/windows/privacy/toc.yml
+++ b/windows/privacy/toc.yml
@@ -13,6 +13,8 @@
href: diagnostic-data-viewer-powershell.md
- name: Required Windows diagnostic data events and fields
items:
+ - name: Windows 11, version 24H2
+ href: required-diagnostic-events-fields-windows-11-24H2.md
- name: Windows 11, versions 23H2 and 22H2
href: required-diagnostic-events-fields-windows-11-22H2.md
- name: Windows 11, version 21H2
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
index 7bf6e12c5a..645cf45add 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
@@ -462,6 +462,9 @@ From the **BitLocker Drive Encryption** Control Panel applet, select the OS driv
### Resume BitLocker
+> [!NOTE]
+> Resuming protection only works on devices that have accepted the Windows EULA.
+
#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell)
```powershell
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
index 4625b2f5e0..808550018a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
@@ -21,6 +21,7 @@ The following list provides examples of common events that cause a device to ent
- Docking or undocking a portable computer
- Changes to the NTFS partition table on the disk
- Changes to the boot manager
+- Using PXE boot
- Turning off, disabling, deactivating, or clearing the TPM
- TPM self-test failure
- Upgrading the motherboard to a new one with a new TPM
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
index 4b1498edf5..a3cded5a34 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
@@ -180,6 +180,9 @@ When a volume is unlocked using a recovery password:
After the volume is unlocked, BitLocker behaves the same way, regardless of how the access was granted.
+> [!NOTE]
+> If you move an OS volume with a TPM protector to a different device and unlock it using a recovery protector, BitLocker will bind to the new TPM. Returning the volume to the original device will prompt for the recovery protector due to the TPM mismatch. Once unlocked using recovery protector again, the volume will re-bind to the original device.
+
If a device experiences multiple recovery password events, an administrator should perform post-recovery analysis to determine the root cause of the recovery. Then, refresh the BitLocker platform validation to prevent entering a recovery password each time that the device starts up.
### Determine the root cause of the recovery
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
index c652900182..05f61ccf78 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -3,7 +3,7 @@ title: Get support for security baselines
description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 07/10/2024
+ms.date: 10/01/2024
---
# Get Support
@@ -47,6 +47,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
| Name | Build | Baseline release date | Security tools |
|--|--|--|--|
+| Windows 11 | [24H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-24h2-security-baseline/ba-p/4252801)
| October 2024
| [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 11 | [23H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618)
| October 2023
| [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520)
| September 2022
| [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724)
[21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
[20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
[1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
[1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update) | October 2022
December 2021
December 2020
October 2018
October 2016
January 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
index a1a1d93059..ced5288d21 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -2,7 +2,7 @@
title: Microsoft Security Compliance Toolkit Guide
description: This article describes how to use Security Compliance Toolkit in your organization.
ms.topic: conceptual
-ms.date: 07/10/2024
+ms.date: 10/01/2024
---
# Microsoft Security Compliance Toolkit - How to use
@@ -16,6 +16,7 @@ The SCT enables administrators to effectively manage their enterprise's Group Po
The Security Compliance Toolkit consists of:
- Windows 11 security baseline
+ - Windows 11, version 24H2
- Windows 11, version 23H2
- Windows 11, version 22H2
- Windows 11, version 21H2