From 0b7421daacf85820649220cc21036be50cd158ab Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Tue, 31 Aug 2021 20:55:26 +0530
Subject: [PATCH 01/19] Updated
---
.../mdm/policy-csp-admx-ciphersuiteorder.md | 44 +-
.../mdm/policy-csp-admx-com.md | 44 +-
.../mdm/policy-csp-admx-controlpanel.md | 90 ++-
.../policy-csp-admx-controlpaneldisplay.md | 624 ++++++++++++------
.../mdm/policy-csp-admx-cpls.md | 27 +-
.../policy-csp-admx-credentialproviders.md | 81 ++-
.../mdm/policy-csp-admx-credssp.md | 296 ++++++---
.../mdm/policy-csp-admx-credui.md | 52 +-
.../mdm/policy-csp-admx-ctrlaltdel.md | 108 ++-
9 files changed, 952 insertions(+), 414 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 44e91fe2e9..b0f0a3ca01 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -40,28 +40,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
-  |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
-  |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -78,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
+This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
@@ -113,28 +119,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -151,7 +163,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
+This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 13d4fabf45..515d46c987 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -40,28 +40,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -78,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
@@ -115,28 +121,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -153,7 +165,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
+This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index 9dec30ad01..bd127d636b 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -45,28 +45,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -83,7 +89,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
+This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.
@@ -122,28 +128,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -160,7 +172,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default Control Panel view, whether by category or icons.
+This policy setting controls the default Control Panel view, whether by category or icons.
If this policy setting is enabled, the Control Panel opens to the icon view.
@@ -196,28 +208,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -277,28 +295,38 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -315,7 +343,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
+This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index f1f3907cbe..828dd52285 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -105,28 +105,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -143,7 +149,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Disables the Display Control Panel.
+Disables the Display Control Panel.
If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.
@@ -174,28 +180,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -212,7 +229,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Removes the Settings tab from Display in Control Panel.
+Removes the Settings tab from Display in Control Panel.
This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.
@@ -241,28 +258,40 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
+
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -279,7 +308,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting forces the theme color scheme to be the default color scheme.
+This setting forces the theme color scheme to be the default color scheme.
If you enable this setting, a user cannot change the color scheme of the current desktop theme.
@@ -312,28 +341,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -350,7 +390,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting disables the theme gallery in the Personalization Control Panel.
+This setting disables the theme gallery in the Personalization Control Panel.
If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off).
@@ -384,28 +424,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -422,7 +473,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.
+Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.
When enabled on Windows XP, this setting disables the "Windows and buttons" drop-down list on the Appearance tab in Display Properties.
@@ -453,28 +504,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -491,7 +553,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Enables desktop screen savers.
+Enables desktop screen savers.
If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options.
@@ -526,28 +588,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -564,7 +637,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens.
+This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file. The same image will be used for both the lock and logon screens.
This setting lets you specify the default lock screen and logon image shown when no user is signed in, and also sets the specified image as the default for all users (it replaces the inbox default image).
@@ -599,28 +672,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -637,7 +721,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the size of the font in the windows and buttons displayed on their screens.
+Prevents users from changing the size of the font in the windows and buttons displayed on their screens.
If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled.
@@ -668,28 +752,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -706,7 +801,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the background image shown when the machine is locked or when on the logon screen.
+Prevents users from changing the background image shown when the machine is locked or when on the logon screen.
By default, users can change the background image shown when the machine is locked or displaying the logon screen.
@@ -737,28 +832,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -775,7 +881,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the look of their start menu background, such as its color or accent.
+Prevents users from changing the look of their start menu background, such as its color or accent.
By default, users can change the look of their start menu background, such as its color or accent.
@@ -810,28 +916,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11
|
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -848,7 +965,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.
+Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.
This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.
@@ -881,28 +998,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -919,7 +1047,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from adding or changing the background design of the desktop.
+Prevents users from adding or changing the background design of the desktop.
By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.
@@ -956,28 +1084,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -994,7 +1133,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the desktop icons.
+Prevents users from changing the desktop icons.
By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.
@@ -1027,28 +1166,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1096,28 +1246,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1165,28 +1326,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1203,7 +1375,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel.
+Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel.
This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.
@@ -1232,28 +1404,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1270,7 +1453,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Prevents users from changing the sound scheme.
+Prevents users from changing the sound scheme.
By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.
@@ -1301,28 +1484,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1339,7 +1533,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB.
+Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB.
By default, users can change the background and accent colors.
@@ -1370,28 +1564,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1408,7 +1613,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Determines whether screen savers used on the computer are password protected.
+Determines whether screen savers used on the computer are password protected.
If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.
@@ -1446,8 +1651,9 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
@@ -1455,19 +1661,27 @@ ADMX Info:
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1484,7 +1698,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Specifies how much user idle time must elapse before the screen saver is launched.
+Specifies how much user idle time must elapse before the screen saver is launched.
When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started.
@@ -1530,23 +1744,33 @@ ADMX Info:
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1563,7 +1787,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Specifies the screen saver for the user's desktop.
+Specifies the screen saver for the user's desktop.
If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver.
@@ -1601,28 +1825,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1675,23 +1910,33 @@ ADMX Info:
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1708,7 +1953,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.
+This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.
This can be a local computer visual style (aero.msstyles), or a file located on a remote server using a UNC path (\\Server\Share\aero.msstyles).
@@ -1748,28 +1993,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -1786,7 +2042,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it.
+Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it.
If this setting is set to zero or not configured, then Start uses the default background, and users can change it.
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 6ad7cad008..e1ee9b86de 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -36,28 +36,39 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -74,7 +85,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
+This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE]
> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index b7ed4ab54a..0cad585609 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -42,28 +42,39 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
|
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -80,7 +91,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
+This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
@@ -115,28 +126,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -153,7 +175,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
+This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
If you enable this policy setting, the specified credential provider is selected on other user tile.
@@ -188,28 +210,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -226,7 +259,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
+This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
> [!NOTE]
> Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 04bbf46ba4..f55b199a4f 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -66,28 +66,38 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
@@ -104,7 +114,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved via NTLM.
@@ -146,28 +156,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -184,7 +205,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved by using a trusted X509 certificate or Kerberos.
@@ -231,28 +252,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -269,7 +301,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability.
@@ -311,28 +343,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -349,7 +392,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
@@ -393,28 +436,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -431,7 +485,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved via NTLM.
@@ -475,28 +529,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -513,7 +578,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.
@@ -557,28 +622,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -595,7 +671,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
This policy setting applies when server authentication was achieved via NTLM.
@@ -639,28 +715,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -677,7 +764,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).
@@ -719,28 +806,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -757,7 +855,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).
@@ -799,28 +897,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -837,7 +946,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
+This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).
If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
@@ -879,28 +988,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -917,7 +1037,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device.
+When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied credentials to a remote host. Restricted Admin limits access to resources located on other servers or networks from the remote host because credentials are not delegated. Remote Credential Guard does not limit access to resources because it redirects all requests back to the client device.
Participating apps:
Remote Desktop Client
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index acb7942b92..d1ad1b5737 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -39,28 +39,39 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -77,7 +88,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
+This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
> [!NOTE]
> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
@@ -111,28 +122,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index b42e1e9ad0..9836d5e9d0 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -45,28 +45,39 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -83,7 +94,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their Windows password on demand.
+This policy setting prevents users from changing their Windows password on demand.
If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
@@ -115,28 +126,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -153,7 +175,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from locking the system.
+This policy setting prevents users from locking the system.
While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.
@@ -188,28 +210,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -226,7 +259,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from starting Task Manager.
+This policy setting prevents users from starting Task Manager.
Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
@@ -259,28 +292,39 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
+
| Pro |
- |
+ No |
+ No |
+
| Business |
- |
+ No |
+ No |
+
| Enterprise |
- |
+ Yes |
+ Yes |
+
| Education |
- |
+ No |
+ No |
+
@@ -297,7 +341,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting disables or removes all menu items and buttons that log the user off the system.
+This policy setting disables or removes all menu items and buttons that log the user off the system.
If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.
From 4fa1b3ca16538d60ee76e158e716d964fa70f54c Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Tue, 28 Sep 2021 11:35:38 +0530
Subject: [PATCH 02/19] Updated
---
.../mdm/policy-csp-admx-ciphersuiteorder.md | 31 +-
.../mdm/policy-csp-admx-com.md | 31 +-
.../mdm/policy-csp-admx-controlpanel.md | 55 ++--
.../policy-csp-admx-controlpaneldisplay.md | 264 +++++-------------
.../mdm/policy-csp-admx-cpls.md | 22 +-
.../policy-csp-admx-credentialproviders.md | 46 +--
.../mdm/policy-csp-admx-credssp.md | 122 ++------
.../mdm/policy-csp-admx-credui.md | 36 +--
.../mdm/policy-csp-admx-ctrlaltdel.md | 52 ++--
9 files changed, 188 insertions(+), 471 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index b0f0a3ca01..514efdce81 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -14,8 +14,12 @@ manager: dansimp
# Policy CSP - ADMX_CipherSuiteOrder
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -66,8 +70,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -93,12 +97,7 @@ If you disable or do not configure this policy setting, default cipher suite ord
For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Schannel SSP)](/windows/win32/secauthn/cipher-suites-in-schannel).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -145,8 +144,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -182,12 +181,6 @@ CertUtil.exe -DisplayEccCurve
```
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -200,7 +193,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 515d46c987..abac5580d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -14,8 +14,12 @@ manager: dansimp
# Policy CSP - ADMX_COM
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -66,8 +70,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -95,12 +99,7 @@ If you disable or do not configure this policy setting, the program continues wi
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -147,8 +146,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -176,12 +175,6 @@ If you disable or do not configure this policy setting, the program continues wi
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -194,7 +187,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index bd127d636b..bdd6e7f313 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_ControlPanel
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -71,8 +76,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -104,12 +109,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. Note: To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -154,8 +154,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -184,12 +184,7 @@ If this policy setting is not configured, the Control Panel opens to the view us
> Icon size is dependent upon what the user has set it to in the previous session.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -234,8 +229,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -271,12 +266,7 @@ This setting removes PC settings from:
If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -324,8 +314,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -358,12 +348,6 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
> To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -376,7 +360,4 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 828dd52285..d86682733e 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_ControlPanelDisplay
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -131,8 +136,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -156,12 +161,7 @@ If you enable this setting, the Display Control Panel does not run. When users t
Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -210,8 +210,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -234,12 +234,7 @@ Removes the Settings tab from Display in Control Panel.
This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -289,8 +284,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -317,12 +312,6 @@ If you disable or do not configure this setting, a user may change the color sch
For Windows 7 and later, use the "Prevent changing color and appearance" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -371,8 +360,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -400,12 +389,6 @@ If you disable or do not configure this setting, there is no effect.
> If you enable this setting but do not specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -454,8 +437,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -480,12 +463,6 @@ When enabled on Windows XP, this setting disables the "Windows and buttons" drop
When enabled on Windows XP and later systems, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a different visual style when changing themes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -534,8 +511,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -564,12 +541,6 @@ If you enable it, a screen saver runs, provided the following two conditions hol
Also, see the "Prevent changing Screen Saver" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -618,8 +589,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -648,12 +619,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon
Note: This setting only applies to Enterprise, Education, and Server SKUs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -702,8 +668,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -728,12 +694,6 @@ If this setting is enabled, the "Font size" drop-down list on the Appearance tab
If you disable or do not configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -782,8 +742,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -808,12 +768,6 @@ By default, users can change the background image shown when the machine is lock
If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -862,8 +816,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -892,12 +846,6 @@ If the "Force a specific background and accent color" policy is also set on a su
If the "Force a specific Start background" policy is also set on a supported version of Windows, then that background takes precedence over this policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -946,8 +894,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -974,12 +922,6 @@ If this setting is disabled or not configured, the Color (or Window Color) page
For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1028,8 +970,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1060,12 +1002,6 @@ Note: You must also enable the "Desktop Wallpaper" setting to prevent users from
Also, see the "Allow only bitmapped wallpaper" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1114,8 +1050,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1142,12 +1078,6 @@ If you enable this setting, none of the desktop icons can be changed by the user
For systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1196,8 +1126,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1222,12 +1152,6 @@ If you enable this policy setting, users that are not required to press CTRL + A
If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1276,8 +1200,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1302,12 +1226,6 @@ By default, users can use the Pointers tab in the Mouse Control Panel to add, re
If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1356,8 +1274,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1380,12 +1298,6 @@ Prevents the Screen Saver dialog from opening in the Personalization or Display
This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1434,8 +1346,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1460,12 +1372,6 @@ By default, users can use the Sounds tab in the Sound Control Panel to add, remo
If you enable this setting, none of the Sound Scheme settings can be changed by the user.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1514,8 +1420,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1540,12 +1446,6 @@ By default, users can change the background and accent colors.
If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1594,8 +1494,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1627,12 +1527,6 @@ To ensure that a computer will be password protected, enable the "Enable Screen
> To remove the Screen Saver dialog, use the "Prevent changing Screen Saver" setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1679,8 +1573,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1715,12 +1609,6 @@ This setting has no effect under any of the following circumstances:
When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1739,8 +1627,9 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
@@ -1768,8 +1657,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1801,12 +1690,6 @@ If the specified screen saver is not installed on a computer to which this setti
> This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1855,8 +1738,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1881,12 +1764,6 @@ If you enable this setting, the theme that you specify will be applied when a ne
If you disable or do not configure this setting, the default theme will be applied at the first logon.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1905,8 +1782,9 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
@@ -1934,8 +1812,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1969,12 +1847,6 @@ If you disable or do not configure this setting, the users can select the visual
> To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2023,8 +1895,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2049,12 +1921,6 @@ If this setting is set to zero or not configured, then Start uses the default ba
If this setting is set to a nonzero value, then Start uses the specified background, and users cannot change it. If the specified background is not supported, the default background is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2067,7 +1933,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index e1ee9b86de..71ba7fb9c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_Cpls
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -66,8 +71,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -95,12 +100,7 @@ If you enable this policy setting, the default user account picture will display
If you disable or do not configure this policy setting, users will be able to customize their account pictures.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -113,8 +113,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 0cad585609..92d2b7cfc2 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_CredentialProviders
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -72,8 +77,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -102,12 +107,7 @@ If you don't configure this policy setting on a domain-joined device, a user can
If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -156,8 +156,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -185,12 +185,6 @@ If you disable or do not configure this policy setting, the system picks the def
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -240,8 +234,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -269,12 +263,6 @@ If you enable this policy, an administrator can specify the CLSIDs of the creden
If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -287,9 +275,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are for upcoming release.
-
-
-These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index f55b199a4f..2c66db1203 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_CredSsp
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,8 +101,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -132,12 +137,7 @@ If you disable or do not configure (by default) this policy setting, delegation
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -186,8 +186,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -228,12 +228,6 @@ https://go.microsoft.com/fwlink/?LinkId=301508
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -282,8 +276,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -319,12 +313,6 @@ If you enable this policy setting, CredSSP version support will be selected base
For more information about the vulnerability and servicing requirements for protection, see https://go.microsoft.com/fwlink/?linkid=866660
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -373,8 +361,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -412,12 +400,6 @@ If you disable this policy setting, delegation of fresh credentials is not permi
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -466,8 +448,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -505,12 +487,6 @@ If you disable this policy setting, delegation of fresh credentials is not permi
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -559,8 +535,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -598,12 +574,6 @@ If you disable this policy setting, delegation of saved credentials is not permi
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -652,8 +622,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -691,12 +661,6 @@ If you disable this policy setting, delegation of saved credentials is not permi
> - TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -745,8 +709,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -782,12 +746,6 @@ If you disable or do not configure (by default) this policy setting, this policy
This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating default credentials" server list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -836,8 +794,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -873,12 +831,6 @@ If you disable or do not configure (by default) this policy setting, this policy
This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating fresh credentials" server list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -927,8 +879,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -964,12 +916,6 @@ If you disable or do not configure (by default) this policy setting, this policy
This policy setting can be used in combination with the "Allow delegating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow delegating saved credentials" server list.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1018,8 +964,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1056,12 +1002,6 @@ If you disable or do not configure this policy setting, Restricted Admin and Rem
> On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1074,8 +1014,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index d1ad1b5737..b6e48f936c 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_CredUI
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -69,8 +74,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -98,12 +103,6 @@ If you enable this policy setting, users will be required to enter Windows crede
If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -152,8 +151,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -174,12 +173,7 @@ ADMX Info:
Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -190,10 +184,6 @@ ADMX Info:
-
-
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
+<
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 9836d5e9d0..0098e79df8 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_CtrlAltDel
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -75,8 +80,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -101,12 +106,7 @@ If you enable this policy setting, the 'Change Password' button on the Windows S
However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -156,8 +156,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -187,12 +187,6 @@ If you disable or do not configure this policy setting, users will be able to lo
> To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -240,8 +234,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -268,12 +262,6 @@ If you enable this policy setting, users will not be able to access Task Manager
If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -322,8 +310,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -350,12 +338,6 @@ Also, see the 'Remove Logoff on the Start Menu' policy setting.
If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -368,8 +350,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
From 5d0648b05cdcd08b123f75493d84d164114f68c4 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 11:26:13 -0700
Subject: [PATCH 03/19] update with 11
---
.../windows-10-subscription-activation.md | 60 +++++++++++--------
1 file changed, 35 insertions(+), 25 deletions(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 16e8c70c2a..b52b567397 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -1,6 +1,6 @@
---
-title: Windows 10 Subscription Activation
-description: In this article, you will learn how to dynamically enable Windows 10 Enterprise or Education subscriptions.
+title: Windows 10/11 Subscription Activation
+description: In this article, you will learn how to dynamically enable Windows 10 and Windows 11 Enterprise or Education subscriptions.
keywords: upgrade, update, task sequence, deploy
ms.custom: seo-marvel-apr2020
ms.prod: w10
@@ -17,45 +17,49 @@ search.appverid:
ms.topic: article
---
-# Windows 10 Subscription Activation
+# Windows 10/11 Subscription Activation
-Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5.
+Applies to:
+- Windows 10
+- Windows 11
-With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions—**Windows 10 Education**.
+Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
+
+With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
-## Subscription Activation for Windows 10 Enterprise
+## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise
-With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots.
+With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots.
If you are running Windows 10, version 1703 or later:
-- Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise.
-- Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions.
+- Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.
+- Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
-## Subscription Activation for Windows 10 Education
+## Subscription Activation for Windows 10 Education and Windows 11 Education
-Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
## Summary
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model.
-- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing.
+- [Benefits](#benefits): Advantages of Windows 10/11 subscription-based licensing.
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
-- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
+- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10/11 Subscription Activation for VMs in the cloud.
-For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
+For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
## Inherited Activation
-Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
+Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
-When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
+When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V.
@@ -83,12 +87,15 @@ The following figure illustrates how deploying Windows 10 has evolved with each
- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
+> [!NOTE]
+> All the benefits of Windows 10 Subscription Activation are carried forward with Windows 11 and Windows 10/11 Subscription Activation.
+
## Requirements
-### Windows 10 Enterprise requirements
+### Windows 10/11 Enterprise requirements
> [!NOTE]
-> The following requirements do not apply to general Windows 10 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
+> The following requirements do not apply to general Windows 10/11 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
> [!NOTE]
> Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants.
@@ -99,7 +106,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
-For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
+For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10/11 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10/11 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/en-us/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
@@ -123,7 +130,7 @@ If the device is running Windows 10, version 1809 or later:
-### Windows 10 Education requirements
+### Windows 10/11 Education requirements
- Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
@@ -139,7 +146,7 @@ If the device is running Windows 10, version 1809 or later:
## Benefits
-With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
+With Windows 10/11 Enterprise or Windows 10/11 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10/11 Education or Windows 10/11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)
- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing)
@@ -158,6 +165,9 @@ You can benefit by moving to Windows as an online service in the following ways:
## How it works
+> [!NOTE]
+. The following Windows 10 examples and scenarios also apply to Windows 11.
+
The device is AAD joined from **Settings > Accounts > Access work or school**.
The IT administrator assigns Windows 10 Enterprise to a user. See the following figure.
@@ -214,8 +224,8 @@ If you’re running Windows 7, it can be more work. A wipe-and-load approach w
The following policies apply to acquisition and renewal of licenses on devices:
- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license.
-- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
-- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user has not logged in the longest will revert to Windows 10 Pro or Windows 10 Pro Education.
+- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10/11 Pro or Windows 10/11 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
+- Up to five devices can be upgraded for each user license. If the user license is used for a sixth device, the operating system on the computer to which a user has not logged in the longest will revert to Windows 10/11 Pro or Windows 10/11 Pro Education.
- If a device meets the requirements and a licensed user signs in on that device, it will be upgraded.
Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
@@ -224,7 +234,7 @@ When you have the required Azure AD subscription, group-based licensing is the p
### Existing Enterprise deployments
-If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
+If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10/11 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise.
> [!CAUTION]
> Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience).
@@ -273,7 +283,7 @@ See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
## Virtual Desktop Access (VDA)
-Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx).
+Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://microsoft.com/en-us/CloudandHosting/licensing_sca.aspx).
Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md).
From acc1caa9c0efe9909c332368c165e2daabc5b7d1 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 12:15:45 -0700
Subject: [PATCH 04/19] update with 11
---
windows/deployment/TOC.yml | 6 +-
.../windows-10-enterprise-e3-overview.md | 67 +++++++++----------
.../windows-10-subscription-activation.md | 24 ++-----
3 files changed, 40 insertions(+), 57 deletions(-)
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 18817d1d38..cdcc9f1abd 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -134,13 +134,13 @@
href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
- name: Subscription Activation
items:
- - name: Windows 10 Subscription Activation
+ - name: Windows 10/11 Subscription Activation
href: windows-10-subscription-activation.md
- - name: Windows 10 Enterprise E3 in CSP
+ - name: Windows 10/11 Enterprise E3 in CSP
href: windows-10-enterprise-e3-overview.md
- name: Configure VDA for Subscription Activation
href: vda-subscription-activation.md
- - name: Deploy Windows 10 Enterprise licenses
+ - name: Deploy Windows 10/11 Enterprise licenses
href: deploy-enterprise-licenses.md
- name: Deploy Windows 10 updates
items:
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index 33fe4e9e80..f9f45982f7 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -1,5 +1,5 @@
---
-title: Windows 10 Enterprise E3 in CSP
+title: Windows 10/11 Enterprise E3 in CSP
description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
@@ -7,9 +7,9 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
-ms.date: 08/24/2017
+ms.date: 09/28/2021
ms.reviewer:
-manager: laurawi
+manager: dougeby
ms.audience: itpro
author: greg-lindsay
audience: itpro
@@ -17,51 +17,46 @@ ms.collection: M365-modern-desktop
ms.topic: article
---
-# Windows 10 Enterprise E3 in CSP
+# Windows 10/11 Enterprise E3 in CSP
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
+Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
-- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded
+- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context.
- Azure Active Directory (Azure AD) available for identity management
-Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
+Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
-Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
+Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features.
-When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
-
-- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
-
-- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
+When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits:
+- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
+- **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
-
-- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
-
-- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
-
+- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days).
+- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization.
- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
-How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
+How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
- **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
-
- **Training**. These benefits include training vouchers, online e-learning, and a home use program.
-
- **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
-
- **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
- In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
+ In addition, in Windows 10/11 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
-In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
+In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to the Enterprise edition of Windows 10 or Windows 11.
## Compare Windows 10 Pro and Enterprise editions
+> [NOTE!]
+> The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available.
+
Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
@@ -140,19 +135,19 @@ Windows 10 Enterprise edition has a number of features that are unavailable in
-## Deployment of Windows 10 Enterprise E3 licenses
+## Deployment of Windows 10/11 Enterprise E3 licenses
See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
-## Deploy Windows 10 Enterprise features
+## Deploy Windows 10/11 Enterprise features
-Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
+Now that you have Windows 10/11 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
-The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
+The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10/11 Enterprise edition features.
### Credential Guard\*
-You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
+You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10/11 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
- **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
@@ -174,7 +169,7 @@ For more information about implementing Credential Guard, see the following reso
### Device Guard
-Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
+Now that the devices have Windows 10/11 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
@@ -197,7 +192,7 @@ For more information about implementing Device Guard, see:
### AppLocker management
-You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
+You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10/11 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide).
@@ -209,7 +204,7 @@ App-V requires an App-V server infrastructure to support App-V clients. The prim
- **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
-- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
+- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10/11 Enterprise E3 devices.
For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
@@ -253,7 +248,7 @@ The Managed User Experience feature is a set of Windows 10 Enterprise edition f
## Related topics
-[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
-
[Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
-
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-
[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
\ No newline at end of file
+[Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md)
+[Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
+[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
\ No newline at end of file
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index b52b567397..3582a6b312 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -27,7 +27,7 @@ Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription
With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
-The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
+The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise
@@ -42,7 +42,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se
## Subscription Activation for Windows 10 Education and Windows 11 Education
-Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-11-education-requirements) section.
## Summary
@@ -59,7 +59,7 @@ For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Win
Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
-When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
+When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later. The hypervisor platform must also be Windows Hyper-V.
@@ -72,37 +72,28 @@ The following figure illustrates how deploying Windows 10 has evolved with each
- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
-
- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after). This was a lot easier than wipe-and-load, but it was still time-consuming.
-
- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
-
- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
-
- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
-
- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
-
- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
-
- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
-
-> [!NOTE]
-> All the benefits of Windows 10 Subscription Activation are carried forward with Windows 11 and Windows 10/11 Subscription Activation.
+- **Windows 11** updates Subscription Activation to work on both Windows 10 and Windows 11 devices. **Important**: Subscription activation does not update a device from Windows 10 to Windows 11. Only the edition is updated.
## Requirements
### Windows 10/11 Enterprise requirements
> [!NOTE]
-> The following requirements do not apply to general Windows 10/11 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
+> The following requirements do not apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
> [!NOTE]
> Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants.
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following:
-- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
+- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. Windows 11 is considered a "later" version in this context.
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
@@ -133,11 +124,8 @@ If the device is running Windows 10, version 1809 or later:
### Windows 10/11 Education requirements
- Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
-
- A device with a Windows 10 Pro Education digital license. You can confirm this information in **Settings > Update & Security > Activation**.
-
- The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
-
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
> [!IMPORTANT]
From 246e887958b4b73f7fdf44d4d332fed0adbbae1f Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 12:26:57 -0700
Subject: [PATCH 05/19] update with 11
---
.../deployment/deploy-enterprise-licenses.md | 80 ++++++++-----------
.../deployment/vda-subscription-activation.md | 4 +-
2 files changed, 37 insertions(+), 47 deletions(-)
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 1101efd400..35d5e7ad7f 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -1,10 +1,10 @@
---
-title: Deploy Windows 10 Enterprise licenses
+title: Deploy Windows 10/11 Enterprise licenses
ms.reviewer:
manager: laurawi
ms.audience: itpro
ms.author: greglin
-description: Steps to deploy Windows 10 Enterprise licenses for Windows 10 Enterprise E3 or E5 Subscription Activation, or for Windows 10 Enterprise E3 in CSP
+description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows 10/11 Enterprise E3 or E5 Subscription Activation, or for Windows 10/11 Enterprise E3 in CSP
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
@@ -16,18 +16,18 @@ author: greg-lindsay
ms.topic: article
---
-# Deploy Windows 10 Enterprise licenses
+# Deploy Windows 10/11 Enterprise licenses
-This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
+This topic describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5 licenses with [Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md) or [Windows 10/11 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD).
->[!NOTE]
->* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
->* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
->* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
->* Windows 10 Enterprise Subscription Activation requires Windows 10 Enterprise per user licensing; it does not work on per device based licensing.
+> [!NOTE]
+> * Windows 10/11 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. Windows 11 is considered "later" in this context.
+> * Windows 10/11 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
+> * Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
+> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it does not work on per device based licensing.
->[!IMPORTANT]
->An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
+> [!IMPORTANT]
+> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
>
>Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled".
@@ -50,24 +50,17 @@ If you are an EA customer with an existing Office 365 tenant, use the following
- **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
- **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
-1. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
-
-1. The admin can now assign subscription licenses to users.
+2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
+3. The admin can now assign subscription licenses to users.
Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
1. Sign in to the [Microsoft Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-
2. Click **Subscriptions**.
-
3. Click **Online Services Agreement List**.
-
4. Enter your agreement number, and then click **Search**.
-
5. Click the **Service Name**.
-
6. In the **Subscription Contact** section, click the name listed under **Last Name**.
-
7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
Also in this article:
@@ -76,9 +69,9 @@ Also in this article:
## Active Directory synchronization with Azure AD
-You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
+You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10/11 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
-You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
@@ -91,16 +84,16 @@ For more information about integrating on-premises AD DS domains with Azure AD,
- [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity)
- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
->[!NOTE]
->If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+> [!NOTE]
+> If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
## Preparing for deployment: reviewing requirements
-Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
+Devices must be running Windows 10 Pro, version 1703, or later and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic.
## Assigning licenses to users
-Upon acquisition of Windows 10 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service:
+Upon acquisition of Windows 10/11 subscription has been completed (Windows 10 Business, E3 or E5), customers will receive an email that will provide guidance on how to use Windows as an online service:
> [!div class="mx-imgBorder"]
> 
@@ -121,11 +114,11 @@ The following methods are available to assign licenses:
## Explore the upgrade experience
-Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10 Enterprise. What will the users experience? How will they upgrade their devices?
+Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices?
### Step 1: Join Windows 10 Pro devices to Azure AD
-Users can join a Windows 10 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703.
+Users can join a Windows 10/11 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703 or later.
**To join a device to Azure AD the first time the device is started**
@@ -176,16 +169,15 @@ Now the device is Azure AD–joined to the company's subscription.
### Step 2: Pro edition activation
->[!IMPORTANT]
->If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
->If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
+> [!IMPORTANT]
+> If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
+> If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
Figure 7a - Windows 10 Pro activation in Settings
-Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
-
+Windows 10/11 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only).
### Step 3: Sign in using Azure AD account
@@ -197,35 +189,33 @@ Once the device is joined to your Azure AD subscription, the user will sign in b
### Step 4: Verify that Enterprise edition is enabled
-You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
+You can verify the Windows 10/11 Enterprise E3 or E5 subscription in **Settings > Update & Security > Activation**, as illustrated in **Figure 9**.
**Figure 9 - Windows 10 Enterprise subscription in Settings**
+If there are any problems with the Windows 10/11 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
-If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process.
-
->[!NOTE]
->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
->Name: Windows(R), Professional edition
->Description: Windows(R) Operating System, RETAIL channel
->Partial Product Key: 3V66T
+> [!NOTE]
+> If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
+> Name: Windows(R), Professional edition
+> Description: Windows(R) Operating System, RETAIL channel
+> Partial Product Key: 3V66T
## Virtual Desktop Access (VDA)
-Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth).
+Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth).
Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md).
## Troubleshoot the user experience
-In some instances, users may experience problems with the Windows 10 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
+In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
-
-- The Windows 10 Enterprise E3 or E5 subscription has lapsed or has been removed.
+- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed.
Use the following figures to help you troubleshoot when users experience these common problems:
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index 25ae02c985..c7c43f8741 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -20,7 +20,7 @@ ms.collection: M365-modern-desktop
# Configure VDA for Windows 10 Subscription Activation
-This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
+This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
Deployment instructions are provided for the following scenarios:
1. [Active Directory-joined VMs](#active-directory-joined-vms)
@@ -29,7 +29,7 @@ Deployment instructions are provided for the following scenarios:
## Requirements
-- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later.
+- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later.
- VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined.
- VMs must be generation 1.
- VMs must be hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH).
From d1ee55fb2680e4f0b12bc6a121cac491df6bbbe3 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 12:38:39 -0700
Subject: [PATCH 06/19] update with 11
---
windows/deployment/windows-10-enterprise-e3-overview.md | 6 +++++-
windows/deployment/windows-10-subscription-activation.md | 6 +++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index f9f45982f7..2eeaf3054d 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -1,6 +1,6 @@
---
title: Windows 10/11 Enterprise E3 in CSP
-description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
+description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition.
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
@@ -19,6 +19,10 @@ ms.topic: article
# Windows 10/11 Enterprise E3 in CSP
+Applies to:
+- Windows 10
+- Windows 11
+
Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context.
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 3582a6b312..398d4cb1c4 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -29,7 +29,7 @@ With Windows 10, version 1903 and later, the Subscription Activation feature als
The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
-## Subscription Activation for Windows 10 Enterprise and Windows 11 Enterprise
+## Subscription Activation for Windows 10/11 Enterprise
With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots.
@@ -40,9 +40,9 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
-## Subscription Activation for Windows 10 Education and Windows 11 Education
+## Subscription Activation for Windows 10/11 Education
-Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-10-11-education-requirements) section.
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
## Summary
From e48fe882c5e09760efc805e4a44a71e169fada04 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 13:24:08 -0700
Subject: [PATCH 07/19] update with 11
---
.../windows-10-enterprise-e3-overview.md | 6 ++---
.../windows-10-subscription-activation.md | 23 +++++++++++--------
2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index 2eeaf3054d..e1d673f759 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -23,12 +23,12 @@ Applies to:
- Windows 10
- Windows 11
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10/11 Enterprise E3 in CSP is available now for both Windows 10 and Windows 11. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
+Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
-- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded. Windows 11 is considered "later" in this context.
+- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded.
- Azure Active Directory (Azure AD) available for identity management
-Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
+You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features.
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 398d4cb1c4..b1736d3583 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -31,7 +31,7 @@ The Subscription Activation feature eliminates the need to manually deploy Enter
## Subscription Activation for Windows 10/11 Enterprise
-With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise or Windows 11 Enterprise](planning/windows-10-enterprise-faq-itpro.yml) in your organization can now be accomplished with no keys and no reboots.
+With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
If you are running Windows 10, version 1703 or later:
@@ -40,24 +40,27 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
-## Subscription Activation for Windows 10/11 Education
+> [!NOTE]
+> You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11. The operating system version does not change when you switch to Enterprise edition.
-Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise or Windows 11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
+## Subscription Activation for Education
-## Summary
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
+
+## In this article
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
-- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
-- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model.
-- [Benefits](#benefits): Advantages of Windows 10/11 subscription-based licensing.
+- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
+- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model.
+- [Benefits](#benefits): Advantages of subscription-based licensing.
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
-- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10/11 Subscription Activation for VMs in the cloud.
+- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
## Inherited Activation
-Inherited Activation is a new feature available in Windows 10, version 1803 or later that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
+Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
When a user with Windows 10/11 E3/E5 or A3/A5 license assigned creates a new Windows 10 or Windows 11 virtual machine (VM) using a Windows 10/11 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
@@ -154,7 +157,7 @@ You can benefit by moving to Windows as an online service in the following ways:
## How it works
> [!NOTE]
-. The following Windows 10 examples and scenarios also apply to Windows 11.
+> The following Windows 10 examples and scenarios also apply to Windows 11.
The device is AAD joined from **Settings > Accounts > Access work or school**.
From 8af70e6c8781e51a0183d9adb26aca64cfd59c68 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 13:31:50 -0700
Subject: [PATCH 08/19] update with 11
---
windows/deployment/windows-10-subscription-activation.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index b1736d3583..55559f11aa 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -10,7 +10,7 @@ ms.sitesec: library
ms.pagetype: mdt
audience: itpro
author: greg-lindsay
-manager: laurawi
+manager: dougeby
ms.collection: M365-modern-desktop
search.appverid:
- MET150
@@ -47,7 +47,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
-## In this article
+## Article summary
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
@@ -56,7 +56,7 @@ Subscription Activation for Education works the same as the Enterprise version,
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
-For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
+For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
## Inherited Activation
From 003394794a309fba980f065a1ff1d096c7e1a7ca Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Tue, 28 Sep 2021 13:40:14 -0700
Subject: [PATCH 09/19] update
---
.../windows-10-subscription-activation.md | 24 ++++++++++---------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 55559f11aa..725f2f12f6 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -29,6 +29,19 @@ With Windows 10, version 1903 and later, the Subscription Activation feature als
The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
+See the following topics:
+
+- [Subscription Activation](#subscription-activation-for-windows-1011-enterprise): An introduction to Subscription Activation for Windows 10/11 Enterprise.
+- [Subscription Activation for Education](#subscription-activation-for-windows-1011-enterprise): Information about Subscription Activation for Windows 10/11 Education.
+- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
+- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
+- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model.
+- [Benefits](#benefits): Advantages of subscription-based licensing.
+- [How it works](#how-it-works): A summary of the subscription-based licensing option.
+- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): How to enable Windows 10 Subscription Activation for VMs in the cloud.
+
+For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
+
## Subscription Activation for Windows 10/11 Enterprise
With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
@@ -47,17 +60,6 @@ Organizations that have an Enterprise agreement can also benefit from the new se
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
-## Article summary
-
-- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
-- [The evolution of deployment](#the-evolution-of-deployment): A short history of Windows deployment.
-- [Requirements](#requirements): Prerequisites to use the Windows 10/11 Subscription Activation model.
-- [Benefits](#benefits): Advantages of subscription-based licensing.
-- [How it works](#how-it-works): A summary of the subscription-based licensing option.
-- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
-
-For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11 Enterprise licenses](deploy-enterprise-licenses.md).
-
## Inherited Activation
Inherited Activation is a new feature available in Windows 10, version 1803 or later (Windows 11 is considered "later" here) that allows Windows 10/11 virtual machines to inherit activation state from their Windows 10/11 host.
From 9512fa141ad4475b23bfdb5cb2729ca5a31d551d Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Wed, 29 Sep 2021 08:21:53 -0700
Subject: [PATCH 10/19] update
---
windows/deployment/windows-10-enterprise-e3-overview.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index e1d673f759..f68b6a5e42 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -37,7 +37,7 @@ When you purchase Windows 10/11 Enterprise E3 via a partner, you get the follo
- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
- **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
-- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days).
+- **Roll back to Windows 10/11 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days).
- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization.
- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
From c0fd324765d65488a685f0f3a3520e9f13ae557a Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 30 Sep 2021 12:05:27 +0530
Subject: [PATCH 11/19] Update policy-csp-update.md
---
.../mdm/policy-csp-update.md | 82 +++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 1fe9517d3d..b41fd6dc19 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -198,6 +198,9 @@ manager: dansimp
Update/SetProxyBehaviorForUpdateDetection
+
+ Update/TargetProductVersion
+
Update/TargetReleaseVersion
@@ -4284,6 +4287,85 @@ The following list shows the supported values:
+
+**Update/TargetProductVersion**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ Yes |
+ Yes |
+
+
+ | Business |
+ Yes |
+ Yes |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product.
+
+If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [https://docs.microsoft.com/windows/release-health/release-information](https://docs.microsoft.com/windows/release-health/release-information).
+
+
+ADMX Info:
+- GP Friendly name: *Select the target Feature Update version*
+- GP name: *TargetProductVersion*
+- GP element: *TargetProductVersionId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Value type is a string containing a Windows product, forexample, “Windows 11” or “11” or “Windows 10”.
+
+
+
+
+
+
+
+
+By using this Windows Update for Business policy to upgrade devices to a new product (ex. Windows 11) you are agreeing that when applying this operating system to a device either
+(1) The applicable Windows license was purchased though volume licensing, or
+(2) That you are authorized to bind your organization and are accepting on its behalf the relevant Microsoft Software License Terms to be found here: (https://www.microsoft.com/Useterms).
+
+
+
**Update/TargetReleaseVersion**
From 05818270a70291c26ea3c90358d6e2e9270280c0 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 30 Sep 2021 12:48:23 +0530
Subject: [PATCH 12/19] Update policy-csp-update.md
---
windows/client-management/mdm/policy-csp-update.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index b41fd6dc19..b357e14f2d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4339,7 +4339,8 @@ The following list shows the supported values:
Available in Windows 10, version 2004 and later. Enables IT administrators to specify which product they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy to target a new product.
-If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [https://docs.microsoft.com/windows/release-health/release-information](https://docs.microsoft.com/windows/release-health/release-information).
+If no product is specified, the device will continue receiving newer versions of the Windows product it is currently on. For details about different Windows 10 versions, see [release information](/windows/release-health/release-information).
+
ADMX Info:
From ff820249ab4e4edb0e6a1c9c0d0bc04c9cdd2598 Mon Sep 17 00:00:00 2001
From: Diana Hanson
Date: Thu, 30 Sep 2021 09:57:14 -0600
Subject: [PATCH 13/19] Update
windows/client-management/mdm/policy-csp-update.md
---
windows/client-management/mdm/policy-csp-update.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index b357e14f2d..8b1cc3fa9f 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4352,7 +4352,7 @@ ADMX Info:
-Value type is a string containing a Windows product, forexample, “Windows 11” or “11” or “Windows 10”.
+Value type is a string containing a Windows product, for example, “Windows 11” or “11” or “Windows 10”.
From 593db0fed827594675a509c6cc27ab9ee0522a2a Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 09:15:44 -0700
Subject: [PATCH 14/19] update
---
.../deployment/vda-subscription-activation.md | 27 +++++++++++--------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index c7c43f8741..a478f26f76 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -1,7 +1,7 @@
---
-title: Configure VDA for Windows 10 Subscription Activation
+title: Configure VDA for Windows 10/11 Subscription Activation
ms.reviewer:
-manager: laurawi
+manager: dougeby
ms.audience: itpro
ms.author: greglin
author: greg-lindsay
@@ -18,7 +18,11 @@ ms.topic: article
ms.collection: M365-modern-desktop
---
-# Configure VDA for Windows 10 Subscription Activation
+# Configure VDA for Windows 10/11 Subscription Activation
+
+Applies to:
+- Windows 10
+- Windows 11
This document describes how to configure virtual machines (VMs) to enable [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
@@ -29,17 +33,18 @@ Deployment instructions are provided for the following scenarios:
## Requirements
-- VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later.
+- VMs must be running Windows 10 Pro, version 1703 or later (Windows 11 is "later").
- VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined.
-- VMs must be generation 1.
-- VMs must be hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH).
+- VMs must be hosted by a Qualified Multitenant Hoster (QMTH).
+ - For more information, see (Qualified Multitenant Hoster (QMTH)
+Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf]
## Activation
### Scenario 1
-- The VM is running Windows 10, version 1803 or later.
-- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH).
+- The VM is running Windows 10, version 1803 or later (ex: Windows 11).
+- The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH).
When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
@@ -51,9 +56,9 @@ Deployment instructions are provided for the following scenarios:
### Scenario 3
-- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner.
+- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) partner.
- In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems).
+ In this scenario, the underlying Windows 10/11 Pro license must be activated prior to Subscription Activation of Windows 10/11 Enterprise. Activation is accomplished using a Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server can be used. KMS activation is provided for Azure VMs. For more information, see [Troubleshoot Azure Windows virtual machine activation problems](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems).
For examples of activation issues, see [Troubleshoot the user experience](./deploy-enterprise-licenses.md#troubleshoot-the-user-experience).
@@ -147,6 +152,6 @@ To create custom RDP settings for Azure:
## Related topics
-[Windows 10 Subscription Activation](windows-10-subscription-activation.md)
+[Windows 10/11 Subscription Activation](windows-10-subscription-activation.md)
[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
[Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20and%20VDA%20FAQ%20v3%200.pdf)
\ No newline at end of file
From 0587eb2f8e0c778c10b7a2689ac4c6886518eb8a Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 09:35:04 -0700
Subject: [PATCH 15/19] update
---
windows/deployment/windows-10-subscription-activation.md | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 725f2f12f6..76e534a4ae 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -23,8 +23,12 @@ Applies to:
- Windows 10
- Windows 11
-Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
+> [!NOTE]
+> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. This feature enables you to "step-up" from a Pro edition to the Enterprise or Education edition of Windows client. You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11, for example. The operating system version does not change when you switch to Enterprise edition.
+Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
+
+**Education edition**
With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
@@ -53,9 +57,6 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
-> [!NOTE]
-> You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11. The operating system version does not change when you switch to Enterprise edition.
-
## Subscription Activation for Education
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
From 9731fbb12d7993ca409b9edcc69a8b24d0fc0800 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 09:48:23 -0700
Subject: [PATCH 16/19] update
---
windows/deployment/windows-10-subscription-activation.md | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 76e534a4ae..177dacf63d 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -23,12 +23,8 @@ Applies to:
- Windows 10
- Windows 11
-> [!NOTE]
-> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. This feature enables you to "step-up" from a Pro edition to the Enterprise or Education edition of Windows client. You cannot use Subscripton Activation to upgrade from Windows 10 to Windows 11, for example. The operating system version does not change when you switch to Enterprise edition.
-
Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro or Windows 11 Pro to **Windows 10 Enterprise** or **Windows 11 Enterprise**, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
-**Education edition**
With Windows 10, version 1903 and later, the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education or Windows 11 Pro Education to the Enterprise grade editions for educational institutions—**Windows 10 Education** or **Windows 11 Education**.
The Subscription Activation feature eliminates the need to manually deploy Enterprise or Education edition images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering Generic Volume License Keys (GVLKs), and subsequently rebooting client devices.
@@ -51,12 +47,14 @@ For information on how to deploy Enterprise licenses, see [Deploy Windows 10/11
With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Windows 10/11 Enterprise E5 are available as online services via subscription. Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots.
If you are running Windows 10, version 1703 or later:
-
- Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.
- Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
+> [!NOTE]
+> The Subscription Activation feature is available for qualifying devices running Windows 10 or Windows 11. You cannot use Subscription Activation to upgrade from Windows 10 to Windows 11.
+
## Subscription Activation for Education
Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later (or Windows 11) and an active subscription plan with a Windows 10/11 Enterprise license. For more information, see the [requirements](#windows-1011-education-requirements) section.
From 8f5b2533b83594b6a799899995d8fd89e8aa6231 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 10:02:06 -0700
Subject: [PATCH 17/19] update
---
windows/deployment/vda-subscription-activation.md | 9 ++++-----
windows/deployment/windows-10-enterprise-e3-overview.md | 9 +++++----
windows/deployment/windows-10-subscription-activation.md | 6 ++----
3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index a478f26f76..a7081e65f1 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -33,11 +33,10 @@ Deployment instructions are provided for the following scenarios:
## Requirements
-- VMs must be running Windows 10 Pro, version 1703 or later (Windows 11 is "later").
+- VMs must be running Windows 10 Pro, version 1703 or later. Windows 11 is "later" in this context.
- VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined.
- VMs must be hosted by a Qualified Multitenant Hoster (QMTH).
- - For more information, see (Qualified Multitenant Hoster (QMTH)
-Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf]
+ - For more information, see [Qualified Multitenant Hoster Program](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download).
## Activation
@@ -46,13 +45,13 @@ Program)[https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D
- The VM is running Windows 10, version 1803 or later (ex: Windows 11).
- The VM is hosted in Azure or another Qualified Multitenant Hoster (QMTH).
- When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
+ When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10/11 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure.
### Scenario 2
- The Hyper-V host and the VM are both running Windows 10, version 1803 or later.
- [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account.
+ [Inherited Activation](./windows-10-subscription-activation.md#inherited-activation) is enabled. All VMs created by a user with a Windows 10/11 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account.
### Scenario 3
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index f68b6a5e42..a4d743c9db 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -23,12 +23,14 @@ Applies to:
- Windows 10
- Windows 11
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. It delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
+Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available.
+
+Windows 10/11 Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded.
- Azure Active Directory (Azure AD) available for identity management
-You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
+You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise, and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro.
Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features.
@@ -44,7 +46,6 @@ When you purchase Windows 10/11 Enterprise E3 via a partner, you get the follo
How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
-
- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
- **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
@@ -58,7 +59,7 @@ In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offeri
## Compare Windows 10 Pro and Enterprise editions
-> [NOTE!]
+> [!NOTE]
> The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available.
Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 177dacf63d..b4f0e331eb 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -71,9 +71,7 @@ To support Inherited Activation, both the host computer and the VM must be runni
> The original version of this section can be found at [Changing between Windows SKUs](/archive/blogs/mniehaus/changing-between-windows-skus).
-The following figure illustrates how deploying Windows 10 has evolved with each release. With this release, deployment is automatic.
-
-
+The following list illustrates how deploying Windows client has evolved with each release:
- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after). This was a lot easier than wipe-and-load, but it was still time-consuming.
@@ -92,7 +90,7 @@ The following figure illustrates how deploying Windows 10 has evolved with each
> [!NOTE]
> The following requirements do not apply to general Windows client activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
-> [!NOTE]
+> [!IMPORTANT]
> Currently, Subscription Activation is only available on commercial tenants and is currently not available on US GCC, GCC High, or DoD tenants.
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following:
From b41a13dd9fa59c7f5d99f029ff56d692b1188d3d Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 10:16:53 -0700
Subject: [PATCH 18/19] update
---
windows/deployment/deploy-enterprise-licenses.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index 35d5e7ad7f..9b4d7283c3 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -114,9 +114,9 @@ The following methods are available to assign licenses:
## Explore the upgrade experience
-Now that your subscription has been established and Windows 10 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices?
+Now that your subscription has been established and Windows 10/11 Enterprise E3 or E5 licenses have been assigned to users, the users are ready to upgrade their devices running Windows 10 Pro, (version 1703 or later) to Windows 10/11 Enterprise. What will the users experience? How will they upgrade their devices?
-### Step 1: Join Windows 10 Pro devices to Azure AD
+### Step 1: Join Windows 10/11 Pro devices to Azure AD
Users can join a Windows 10/11 Pro device to Azure AD the first time they start the device (during setup), or they can join a device that they already use running Windows 10 Pro, version 1703 or later.
@@ -206,7 +206,7 @@ If there are any problems with the Windows 10/11 Enterprise E3 or E5 license or
## Virtual Desktop Access (VDA)
-Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://aka.ms/qmth).
+Subscriptions to Windows 10/11 Enterprise are also available for virtualized clients. Windows 10/11 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [Qualified Multitenant Hoster](https://download.microsoft.com/download/3/D/4/3D445779-2870-4E3D-AFCB-D35D2E1BC095/QMTH%20Authorized%20Partner%20List.pdf) (PDF download).
Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Enterprise Subscription Activation](vda-subscription-activation.md).
From 9bb0cb08eafba88b46fcdae2cea14f254c3d1acb Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 30 Sep 2021 10:21:04 -0700
Subject: [PATCH 19/19] typo
---
windows/deployment/windows-10-subscription-activation.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index b4f0e331eb..4d6d62258a 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -48,7 +48,7 @@ With Windows 10, version 1703 and later both Windows 10/11 Enterprise E3 and Win
If you are running Windows 10, version 1703 or later:
- Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.
-- Product key-based Windows 10 Enterprise or Windows 11 Enterpise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
+- Product key-based Windows 10 Enterprise or Windows 11 Enterprise software licenses can be transitioned to Windows 10 Enterprise and Windows 11 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](/azure/active-directory/connect/active-directory-aadconnectsync-whatis).