From aecab4f97ac57f49734bda8160ab062364896c9b Mon Sep 17 00:00:00 2001 From: Nicole Zhao Date: Fri, 2 Sep 2022 10:45:04 -0700 Subject: [PATCH 01/23] Update take-a-test-single-pc.md --- education/windows/take-a-test-single-pc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md index 2dcc9c525c..30e6f0bacc 100644 --- a/education/windows/take-a-test-single-pc.md +++ b/education/windows/take-a-test-single-pc.md @@ -14,7 +14,7 @@ ms.date: 08/10/2022 ms.reviewer: manager: aaroncz appliesto: -- ✅ Windows 10 +- ✅ Windows 10 and above --- # Set up Take a Test on a single PC @@ -23,7 +23,7 @@ To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow t ## Set up a dedicated test account To configure the assessment URL and a dedicated testing account on a single PC, follow these steps. -1. Sign into the Windows 10 device with an administrator account. +1. Sign into the Windows device with an administrator account. 2. Open the **Settings** app and go to **Accounts > Access work or school**. 3. Click **Set up an account for taking tests**. From c7199606f9386893c852d2a535f89ff47617c10d Mon Sep 17 00:00:00 2001 From: Nicole Zhao Date: Fri, 2 Sep 2022 10:45:55 -0700 Subject: [PATCH 02/23] Update take-a-test-multiple-pcs.md --- education/windows/take-a-test-multiple-pcs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index e6daee3daa..c3ecdbff8f 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -14,7 +14,7 @@ ms.date: 08/10/2022 ms.reviewer: manager: aaroncz appliesto: -- ✅ Windows 10 +- ✅ Windows 10 and above --- # Set up Take a Test on multiple PCs @@ -275,4 +275,4 @@ This assessment URL uses our lockdown API: [Set up Take a Test on a single PC](take-a-test-single-pc.md) -[Take a Test app technical reference](take-a-test-app-technical.md) \ No newline at end of file +[Take a Test app technical reference](take-a-test-app-technical.md) From 253ccb38ef8f3dbf3d4bfc66c97a021476c0335c Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 7 Sep 2022 09:51:47 -0700 Subject: [PATCH 03/23] Added CAA30193 Added CAA30193 --- .../hello-for-business/hello-errors-during-pin-creation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index d995550c13..11dedee3da 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -100,6 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | | 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | +| 0xCAA30193 | HTTP 403 Request Forbidden | it means request left the device, however either Server, proxy or firewall genearted this response. ## Related topics From 4abcf3e82af9c106cd017059743e0f101c4839ed Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Wed, 7 Sep 2022 11:52:14 -0700 Subject: [PATCH 04/23] update update format --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 11dedee3da..125427b0ff 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -100,7 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | | 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | -| 0xCAA30193 | HTTP 403 Request Forbidden | it means request left the device, however either Server, proxy or firewall genearted this response. +| 0xCAA30193 | HTTP 403 Request Forbidden | it means request left the device, however either Server, proxy or firewall genearted this response. | ## Related topics From fc1cc56f4566bbc377d104a1e31cc1ec6b011fc6 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 9 Sep 2022 14:08:47 -0400 Subject: [PATCH 05/23] Add EnableSharedPCModeWithOneDriveSync --- windows/client-management/mdm/sharedpc-csp.md | 72 ++++++++++--------- .../mdm/sharedpc-ddf-file.md | 28 +++++++- 2 files changed, 67 insertions(+), 33 deletions(-) diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md index 1e4509043f..9dc7485482 100644 --- a/windows/client-management/mdm/sharedpc-csp.md +++ b/windows/client-management/mdm/sharedpc-csp.md @@ -1,7 +1,7 @@ --- title: SharedPC CSP description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -31,6 +31,7 @@ The following example shows the SharedPC configuration service provider manageme ./Vendor/MSFT SharedPC ----EnableSharedPCMode +----EnableSharedPCModeWithOneDriveSync ----SetEduPolicies ----SetPowerPolicies ----MaintenanceStartTime @@ -47,12 +48,12 @@ SharedPC ----InactiveThreshold ----MaxPageFileSizeMB ``` -**./Vendor/MSFT/SharedPC** +**./Vendor/MSFT/SharedPC** The root node for the SharedPC configuration service provider. The supported operation is Get. -**EnableSharedPCMode** +**EnableSharedPCMode** A boolean value that specifies whether Shared PC mode is enabled. The supported operations are Add, Get, Replace, and Delete. @@ -61,16 +62,23 @@ Setting this value to True triggers the action to configure a device to Shared P The default value is Not Configured and SharedPC mode is not enabled. -**SetEduPolicies** +**EnableSharedPCModeWithOneDriveSync** +Setting this node to true triggers the action to configure a device to Shared PC mode with OneDrive sync turned on. + +The supported operations are Add, Get, Replace, and Delete. + +The default value is false. + +**SetEduPolicies** A boolean value that specifies whether the policies for education environment are enabled. Setting this value to true triggers the action to configure a device as education environment. The supported operations are Add, Get, Replace, and Delete. -The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode. +The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode. In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured. -**SetPowerPolicies** +**SetPowerPolicies** Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode. > [!NOTE] @@ -80,7 +88,7 @@ The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and the effective power settings are determined by the OS's default power settings. Its value in the SharedPC provisioning package is True. -**MaintenanceStartTime** +**MaintenanceStartTime** Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440. > [!NOTE] @@ -90,7 +98,7 @@ The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and its value in the SharedPC provisioning package is 0 (12 AM). -**SignInOnResume** +**SignInOnResume** Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode. > [!NOTE] @@ -100,8 +108,8 @@ The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and its value in the SharedPC provisioning package is True. -**SleepTimeout** -The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. +**SleepTimeout** +The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. > [!NOTE] > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. @@ -110,7 +118,7 @@ The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in the SharedPC provisioning package for Windows 10, version 1703 is 300, and in Windows 10, version 1607 is 3600. -**EnableAccountManager** +**EnableAccountManager** A boolean that enables the account manager for shared PC mode. > [!NOTE] @@ -120,7 +128,7 @@ The supported operations are Add, Get, Replace, and Delete. The default value is Not Configured and its value in the SharedPC provisioning package is True. -**AccountModel** +**AccountModel** Configures which type of accounts are allowed to use the PC. > [!NOTE] @@ -136,7 +144,7 @@ The following list shows the supported values: Its value in the SharedPC provisioning package is 1 or 2. -**DeletionPolicy** +**DeletionPolicy** Configures when accounts are deleted. > [!NOTE] @@ -149,7 +157,7 @@ For Windows 10, version 1607, here's the list shows the supported values: - 0 - Delete immediately. - 1 (default) - Delete at disk space threshold. -For Windows 10, version 1703, here's the list of supported values: +For Windows 10, version 1703, here's the list of supported values: - 0 - Delete immediately. - 1 - Delete at disk space threshold. @@ -157,7 +165,7 @@ For Windows 10, version 1703, here's the list of supported values: The default value is Not Configured. Its value in the SharedPC provisioning package is 1 or 2. -**DiskLevelDeletion** +**DiskLevelDeletion** Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. > [!NOTE] @@ -169,7 +177,7 @@ For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevel The supported operations are Add, Get, Replace, and Delete. -**DiskLevelCaching** +**DiskLevelCaching** Sets the percentage of available disk space a PC should have before it stops deleting cached accounts. > [!NOTE] @@ -181,48 +189,48 @@ For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevel The supported operations are Add, Get, Replace, and Delete. -**RestrictLocalStorage** -Added in Windows 10, version 1703. Restricts the user from using local storage. This node is optional. +**RestrictLocalStorage** +Added in Windows 10, version 1703. Restricts the user from using local storage. This node is optional. The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False. > [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. -**KioskModeAUMID** -Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional. +**KioskModeAUMID** +Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional. -- Value type is string. -- Supported operations are Add, Get, Replace, and Delete. +- Value type is string. +- Supported operations are Add, Get, Replace, and Delete. > [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. -**KioskModeUserTileDisplayText** -Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional. +**KioskModeUserTileDisplayText** +Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional. -Value type is string. Supported operations are Add, Get, Replace, and Delete. +Value type is string. Supported operations are Add, Get, Replace, and Delete. > [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. -**InactiveThreshold** +**InactiveThreshold** Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days. -- The default value is Not Configured. -- Value type is integer. +- The default value is Not Configured. +- Value type is integer. - Supported operations are Add, Get, Replace, and Delete. The default in the SharedPC provisioning package is 30. -**MaxPageFileSizeMB** -Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional. +**MaxPageFileSizeMB** +Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional. > [!NOTE] > If used, this value must set before the action on the **EnableSharedPCMode** node is taken. -- Default value is Not Configured. -- Value type is integer. +- Default value is Not Configured. +- Value type is integer. - Supported operations are Add, Get, Replace, and Delete. The default in the SharedPC provisioning package is 1024. diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index 1eb414317a..071887f881 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -1,7 +1,7 @@ --- title: SharedPC DDF file description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -70,6 +70,32 @@ The XML below is the DDF for Windows 10, version 1703. + + EnableSharedPCModeWithOneDriveSync + + + + + + + + false + Setting this node to “1” triggers the action to configure a device to Shared PC mode with OneDrive sync turned on + + + + + + + + + + Enable Shared PC mode with OneDrive sync + + + + + SetEduPolicies From c8375a107b225b992c781aacb0e6d92fea93deb0 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 9 Sep 2022 14:45:50 -0400 Subject: [PATCH 06/23] fix to the table as the | added an extra column --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 8a17230329..e545c5d7ad 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -100,7 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | | 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | -| 0xCAA30193 | HTTP 403 Request Forbidden | it means request left the device, however either Server, proxy or firewall genearted this response. | +| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall genearted this response. | ## Related topics From a69d826d01fc4c9fe66ad0f4e20fb927e0287ed8 Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Fri, 9 Sep 2022 13:46:36 -0500 Subject: [PATCH 07/23] Update hello-errors-during-pin-creation.md --- .../hello-for-business/hello-errors-during-pin-creation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index e545c5d7ad..b42e9b004b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -100,7 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | | 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | -| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall genearted this response. | +| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall generated this response. | ## Related topics From 1729fe3a6c489c052e86cf8527588e319420c677 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 9 Sep 2022 14:53:18 -0400 Subject: [PATCH 08/23] minor updates --- education/windows/take-a-test-single-pc.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md index 30e6f0bacc..2cf14b3079 100644 --- a/education/windows/take-a-test-single-pc.md +++ b/education/windows/take-a-test-single-pc.md @@ -14,7 +14,9 @@ ms.date: 08/10/2022 ms.reviewer: manager: aaroncz appliesto: -- ✅ Windows 10 and above +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- # Set up Take a Test on a single PC @@ -127,7 +129,7 @@ Once the shortcut is created, you can copy it and distribute it to students. ## Related topics -[Take tests in Windows 10](take-tests-in-windows-10.md) +[Take tests in Windows](take-tests-in-windows-10.md) [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) From efcfad21417b4f956a6abca7d5a625767c1d1692 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 9 Sep 2022 15:00:10 -0400 Subject: [PATCH 09/23] Add CertAttestation/MDMClientCertAttestation --- .../client-management/mdm/devicestatus-csp.md | 107 +- .../client-management/mdm/devicestatus-ddf.md | 1566 +++++++++-------- 2 files changed, 861 insertions(+), 812 deletions(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index c900b41939..72be68417e 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -1,7 +1,7 @@ --- title: DeviceStatus CSP description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -71,12 +71,14 @@ DeviceStatus --------VirtualizationBasedSecurityHwReq --------VirtualizationBasedSecurityStatus --------LsaCfgCredGuardStatus +----CertAttestation +--------MDMClientCertAttestation ``` -**DeviceStatus** +**DeviceStatus** The root node for the DeviceStatus configuration service provider. -**DeviceStatus/SecureBootState** +**DeviceStatus/SecureBootState** Indicates whether secure boot is enabled. The value is one of the following values: - 0 - Not supported @@ -85,67 +87,67 @@ Indicates whether secure boot is enabled. The value is one of the following valu Supported operation is Get. -**DeviceStatus/CellularIdentities** +**DeviceStatus/CellularIdentities** Required. Node for queries on the SIM cards. >[!NOTE] >Multiple SIMs are supported. -**DeviceStatus/CellularIdentities/***IMEI* +**DeviceStatus/CellularIdentities/***IMEI* The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device. -**DeviceStatus/CellularIdentities/*IMEI*/IMSI** +**DeviceStatus/CellularIdentities/*IMEI*/IMSI** The International Mobile Subscriber Identity (IMSI) associated with the IMEI number. Supported operation is Get. -**DeviceStatus/CellularIdentities/*IMEI*/ICCID** +**DeviceStatus/CellularIdentities/*IMEI*/ICCID** The Integrated Circuit Card ID (ICCID) of the SIM card associated with the specific IMEI number. Supported operation is Get. -**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber** +**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber** Phone number associated with the specific IMEI number. Supported operation is Get. -**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator** +**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator** The mobile service provider or mobile operator associated with the specific IMEI number. Supported operation is Get. -**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus** +**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus** Indicates whether the SIM card associated with the specific IMEI number is roaming. Supported operation is Get. -**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance** +**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance** Boolean value that indicates compliance with the enforced enterprise roaming policy. Supported operation is Get. -**DeviceStatus/NetworkIdentifiers** +**DeviceStatus/NetworkIdentifiers** Node for queries on network and device properties. -**DeviceStatus/NetworkIdentifiers/***MacAddress* +**DeviceStatus/NetworkIdentifiers/***MacAddress* MAC address of the wireless network card. A MAC address is present for each network card on the device. -**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4** +**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4** IPv4 address of the network card associated with the MAC address. Supported operation is Get. -**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6** +**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6** IPv6 address of the network card associated with the MAC address. Supported operation is Get. -**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected** +**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected** Boolean value that indicates whether the network card associated with the MAC address has an active network connection. Supported operation is Get. -**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type** +**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type** Type of network connection. The value is one of the following values: - 2 - WLAN (or other Wireless interface) @@ -154,10 +156,10 @@ Type of network connection. The value is one of the following values: Supported operation is Get. -**DeviceStatus/Compliance** +**DeviceStatus/Compliance** Node for the compliance query. -**DeviceStatus/Compliance/EncryptionCompliance** +**DeviceStatus/Compliance/EncryptionCompliance** Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values: - 0 - Not encrypted @@ -165,42 +167,42 @@ Boolean value that indicates compliance with the enterprise encryption policy fo Supported operation is Get. -**DeviceStatus/TPM** +**DeviceStatus/TPM** Added in Windows, version 1607. Node for the TPM query. Supported operation is Get. -**DeviceStatus/TPM/SpecificationVersion** +**DeviceStatus/TPM/SpecificationVersion** Added in Windows, version 1607. String that specifies the specification version. Supported operation is Get. -**DeviceStatus/OS** +**DeviceStatus/OS** Added in Windows, version 1607. Node for the OS query. Supported operation is Get. -**DeviceStatus/OS/Edition** +**DeviceStatus/OS/Edition** Added in Windows, version 1607. String that specifies the OS edition. Supported operation is Get. -**DeviceStatus/OS/Mode** +**DeviceStatus/OS/Mode** Added in Windows, version 1803. Read only node that specifies the device mode. -Valid values: +Valid values: - 0 - The device is in standard configuration. - 1 - The device is in S mode configuration. Supported operation is Get. -**DeviceStatus/Antivirus** +**DeviceStatus/Antivirus** Added in Windows, version 1607. Node for the antivirus query. Supported operation is Get. -**DeviceStatus/Antivirus/SignatureStatus** +**DeviceStatus/Antivirus/SignatureStatus** Added in Windows, version 1607. Integer that specifies the status of the antivirus signature. Valid values: @@ -218,7 +220,7 @@ If more than one antivirus provider is active, this node returns: This node also returns 0 when no antivirus provider is active. -**DeviceStatus/Antivirus/Status** +**DeviceStatus/Antivirus/Status** Added in Windows, version 1607. Integer that specifies the status of the antivirus. Valid values: @@ -231,12 +233,12 @@ Valid values: Supported operation is Get. -**DeviceStatus/Antispyware** +**DeviceStatus/Antispyware** Added in Windows, version 1607. Node for the anti-spyware query. Supported operation is Get. -**DeviceStatus/Antispyware/SignatureStatus** +**DeviceStatus/Antispyware/SignatureStatus** Added in Windows, version 1607. Integer that specifies the status of the anti-spyware signature. Valid values: @@ -254,7 +256,7 @@ If more than one anti-spyware provider is active, this node returns: This node also returns 0 when no anti-spyware provider is active. -**DeviceStatus/Antispyware/Status** +**DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the anti-spyware. Valid values: @@ -266,12 +268,12 @@ Valid values: Supported operation is Get. -**DeviceStatus/Firewall** +**DeviceStatus/Firewall** Added in Windows, version 1607. Node for the firewall query. Supported operation is Get. -**DeviceStatus/Firewall/Status** +**DeviceStatus/Firewall/Status** Added in Windows, version 1607. Integer that specifies the status of the firewall. Valid values: @@ -284,75 +286,75 @@ Valid values: Supported operation is Get. -**DeviceStatus/UAC** +**DeviceStatus/UAC** Added in Windows, version 1607. Node for the UAC query. Supported operation is Get. -**DeviceStatus/UAC/Status** +**DeviceStatus/UAC/Status** Added in Windows, version 1607. Integer that specifies the status of the UAC. Supported operation is Get. -**DeviceStatus/Battery** +**DeviceStatus/Battery** Added in Windows, version 1607. Node for the battery query. Supported operation is Get. -**DeviceStatus/Battery/Status** +**DeviceStatus/Battery/Status** Added in Windows, version 1607. Integer that specifies the status of the battery Supported operation is Get. -**DeviceStatus/Battery/EstimatedChargeRemaining** +**DeviceStatus/Battery/EstimatedChargeRemaining** Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status). The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. Supported operation is Get. -**DeviceStatus/Battery/EstimatedRuntime** +**DeviceStatus/Battery/EstimatedRuntime** Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status). The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1. Supported operation is Get. -**DeviceStatus/DomainName** +**DeviceStatus/DomainName** Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string. Supported operation is Get. -**DeviceStatus/DeviceGuard** +**DeviceStatus/DeviceGuard** Added in Windows, version 1709. Node for Device Guard query. Supported operation is Get. -**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq** +**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq** Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask. - 0x0: System meets hardware configuration requirements -- 0x1: SecureBoot required +- 0x1: SecureBoot required - 0x2: DMA Protection required - 0x4: HyperV not supported for Guest VM - 0x8: HyperV feature isn't available Supported operation is Get. -**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus** +**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus** Added in Windows, version 1709. Virtualization-based security status. Value is one of the following: - 0 - Running -- 1 - Reboot required -- 2 - 64-bit architecture required -- 3 - Not licensed -- 4 - Not configured -- 5 - System doesn't meet hardware requirements +- 1 - Reboot required +- 2 - 64-bit architecture required +- 3 - Not licensed +- 4 - Not configured +- 5 - System doesn't meet hardware requirements - 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details. Supported operation is Get. -**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus** +**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus** Added in Windows, version 1709. Local System Authority (LSA) credential guard status. - 0 - Running @@ -363,6 +365,11 @@ Added in Windows, version 1709. Local System Authority (LSA) credential guard s Supported operation is Get. +**DeviceStatus/CertAttestation/MDMClientCertAttestation** +Added in Windows 11, version 22H2. MDM Certificate attestation information. This will return an XML blob containing the relevant attestation fields. + +Supported operation is Get. + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 9019f6a5b9..f081bf1262 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -1,7 +1,7 @@ --- title: DeviceStatus DDF description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article @@ -25,862 +25,904 @@ The XML below is for Windows 10, version 1803. "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd" []> - 1.2 - + 1.2 + DeviceStatus ./Vendor/MSFT - - - - - - - - - - - - - - com.microsoft/1.4/MDM/DeviceStatus - + + + + + + + + + + + + + + com.microsoft/1.4/MDM/DeviceStatus + - SecureBootState - - - - - - - - - - - - - - - text/plain - - - - - CellularIdentities - - - - - - - - - - - - - - - - - - - + SecureBootState - - - - - - - - - - - - - IMEI - - - - - - IMSI - - + - + - + - + - text/plain + text/plain - - - - ICCID - + + + + CellularIdentities + - + - + - + - + - text/plain + - - - - PhoneNumber - - - - - - - - - - - - - - - text/plain - - - - - CommercializationOperator - - - - - - - - - - - - - - - text/plain - - - - - RoamingStatus - - - - - - - - - - - - - - - text/plain - - - - - RoamingCompliance - - - - - - - - - - - - - - - text/plain - - - - - - - NetworkIdentifiers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MacAddress - - - - IPAddressV4 - + + + + + + + + + + + + + + + IMEI + + + + + + IMSI + + + + + + + + + + + + + + + text/plain + + + + + ICCID + + + + + + + + + + + + + + + text/plain + + + + + PhoneNumber + + + + + + + + + + + + + + + text/plain + + + + + CommercializationOperator + + + + + + + + + + + + + + + text/plain + + + + + RoamingStatus + + + + + + + + + + + + + + + text/plain + + + + + RoamingCompliance + + + + + + + + + + + + + + + text/plain + + + + + + + NetworkIdentifiers + - + - + - + - + - text/plain + - + + + + + + + + + + + + + + + + + MacAddress + + + + + + IPAddressV4 + + + + + + + + + + + + + + + text/plain + + + + + IPAddressV6 + + + + + + + + + + + + + + + text/plain + + + + + IsConnected + + + + + + + + + + + + + + + text/plain + + + + + Type + + + + + + + + + + + + + + + text/plain + + + + + + + Compliance + + + + + + + + + + + + + + + + + + + EncryptionCompliance + + + + + + + + + + + + + + + text/plain + + + + + + TPM + + + + + + + + + + + + + + + + + + + SpecificationVersion + + + + + Not available + + + + + + + + + + + text/plain + + + + + + OS + + + + + + + + + + + + + + + + + + + Edition + + + + + Not available + + + + + + + + + + + text/plain + + - IPAddressV6 - + Mode + + + + + Not available + + + + + + + + + + + text/plain + + + + + + Antivirus + - + - + - + - + - text/plain + - + + + SignatureStatus + + + + + 1 + + + + + + + + + + + text/plain + + - IsConnected - + Status + + + + + 3 + + + + + + + + + + + text/plain + + + + + + Antispyware + - + - + - + - + - text/plain + - + + + SignatureStatus + + + + + 1 + + + + + + + + + + + text/plain + + - Type - + Status + + + + + 3 + + + + + + + + + + + text/plain + + + + + + Firewall + - + - + - + - + - text/plain + - + + + Status + + + + + 3 + + + + + + + + + + + text/plain + + - - Compliance - - - - - - - - - - - - - - - - - - - EncryptionCompliance + UAC - - - - - - - - - - - - - - text/plain - + + + + + + + + + + + + + + + - + + Status + + + + + + + + + + + + + + + text/plain + + + - TPM - - - - - - - - - - - - - - - - - - - SpecificationVersion + Battery - - - - Not available - - - - - - - - - - - text/plain - + + + + + + + + + + + + + + + - + + Status + + + + + 0 + + + + + + + + + + + text/plain + + + + + EstimatedChargeRemaining + + + + + 0 + + + + + + + + + + + text/plain + + + + + EstimatedRuntime + + + + + 0 + + + + + + + + + + + text/plain + + + - OS - - - - - - - - - - - - - - - - - - - Edition + DomainName - - - - Not available - - - - - - - - - - - text/plain - + + + + Returns the fully qualified domain name of the device(if any). + + + + + + + + + + DomainName + + text/plain + - - - Mode - - - - - Not available - - - - - - - - - - - text/plain - - - - Antivirus - - - - - - - - - - - - - - - - - - - SignatureStatus + DeviceGuard - - - - 1 - - - - - - - - - - - text/plain - + + + + + + + + + + + + + + + - - - Status - - - - - 3 - - - - - - - - - - - text/plain - - - + + VirtualizationBasedSecurityHwReq + + + + + + + + + + + + + + + text/plain + + + + + VirtualizationBasedSecurityStatus + + + + + + + + + + + + + + + text/plain + + + + + LsaCfgCredGuardStatus + + + + + + + + + + + + + + + text/plain + + + - Antispyware - - - - - - - - - - - - - - - - - - - SignatureStatus + CertAttestation - - - - 1 - - - - - - - - - - - text/plain - + + + + Node for Certificate Attestation + + + + + + + + + + + + - - - Status - - - - - 3 - - - - - - - - - - - text/plain - - - + + MDMClientCertAttestation + + + + + MDM Certificate attestation information. This will return an XML blob containing the relevent attestation fields. + + + + + + + + + + + + + + - - Firewall - - - - - - - - - - - - - - - - - - - Status - - - - - 3 - - - - - - - - - - - text/plain - - - - - - UAC - - - - - - - - - - - - - - - - - - - Status - - - - - - - - - - - - - - - text/plain - - - - - - Battery - - - - - - - - - - - - - - - - - - - Status - - - - - 0 - - - - - - - - - - - text/plain - - - - - EstimatedChargeRemaining - - - - - 0 - - - - - - - - - - - text/plain - - - - - EstimatedRuntime - - - - - 0 - - - - - - - - - - - text/plain - - - - - - DomainName - - - - - Returns the fully qualified domain name of the device(if any). - - - - - - - - - - DomainName - - text/plain - - - - - DeviceGuard - - - - - - - - - - - - - - - - - - - VirtualizationBasedSecurityHwReq - - - - - - - - - - - - - - - text/plain - - - - - VirtualizationBasedSecurityStatus - - - - - - - - - - - - - - - text/plain - - - - - LsaCfgCredGuardStatus - - - - - - - - - - - - - - - text/plain - - - - - + ``` From b7dc1ed93064a8038a0d3968cff321a7abb6771d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 9 Sep 2022 16:22:39 -0400 Subject: [PATCH 10/23] minor changes --- education/windows/take-a-test-multiple-pcs.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index c3ecdbff8f..c997343c49 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -14,7 +14,9 @@ ms.date: 08/10/2022 ms.reviewer: manager: aaroncz appliesto: -- ✅ Windows 10 and above +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- # Set up Take a Test on multiple PCs @@ -271,7 +273,7 @@ This assessment URL uses our lockdown API: ## Related topics -[Take tests in Windows 10](take-tests-in-windows-10.md) +[Take tests in Windows](take-tests-in-windows-10.md) [Set up Take a Test on a single PC](take-a-test-single-pc.md) From c6f89f671ccaee00314424fb5c324956d09e1f84 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 02:05:21 +0530 Subject: [PATCH 11/23] Updated --- .../mdm/personaldataencryption-csp.md | 38 ++ .../mdm/personaldataencryption-ddf-file.md | 127 ++++ .../mdm/policy-csp-personaldataencryption.md | 547 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 5 + 4 files changed, 717 insertions(+) create mode 100644 windows/client-management/mdm/personaldataencryption-csp.md create mode 100644 windows/client-management/mdm/personaldataencryption-ddf-file.md create mode 100644 windows/client-management/mdm/policy-csp-personaldataencryption.md diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md new file mode 100644 index 0000000000..1951ed7c94 --- /dev/null +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -0,0 +1,38 @@ +--- +title: PersonalDataEncryption CSP +description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: dansimp +ms.localizationpriority: medium +ms.date: 02/04/2022 +ms.reviewer: +manager: dansimp +ms.collection: highpri +--- +# PersonalDataEncryption CSP + +The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP is supported in Windows 11. + +The following shows the PersonalDataEncryption configuration service provider in tree format: + +```./User/Vendor/MSFT/PDE +-- EnablePersonalDataEncryption +-- Status +-------- PersonalDataEncryptionStatus + +``` +**EnablePersonalDataEncryption**: 0 is default (disabled). 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class (Windows.Security.DataProtection) - Windows UWP applications | Microsoft Docs](https://docs.microsoft.com/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). The public API allows apps running as the user to encrypt data as soon as this policy is enabled. This doesn't mean PDE is enabled as prerequisites must be met for this to happen. + +**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE are not met, then this will report 0. If all prerequisites are met for PDE, PDE won't enabled and this will report 1. + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|No|Yes| +|Education|No|Yes| \ No newline at end of file diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md new file mode 100644 index 0000000000..2911a85c66 --- /dev/null +++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md @@ -0,0 +1,127 @@ +--- +title: PersonalDataEncryption DDF file +description: Learn about the OMA DM device description framework (DDF) for the PersonalDataEncryption configuration service provider. +ms.author: v-nsatapathy +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.localizationpriority: medium +ms.date: 09/10/2022 +ms.reviewer: +manager: dansimp +--- + +# PersonalDataEncryption DDF file + +This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +The XML below is the current version for this CSP. + +```xml + +]> + + 1.2 + + PDE + ./User/Vendor/MSFT + + + + + + + + + + + + + + + + + + + EnablePersonalDataEncryption + + + + + + + + Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy. + + + + + + + + + + + + + + + 0 + Disable Personal Data Encryption. + + + 1 + Enable Personal Data Encryption. + + + + + + Status + + + + + + + + + + + + + + + + + + + PersonalDataEncryptionStatus + + + + + This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled. + + + + + + + + + + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-personaldataencryption.md b/windows/client-management/mdm/policy-csp-personaldataencryption.md new file mode 100644 index 0000000000..ce1673fa34 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-personaldataencryption.md @@ -0,0 +1,547 @@ +--- +title: Policy CSP - Printers +description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: dansimp +ms.localizationpriority: medium +ms.date: 09/27/2019 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - Printers + + + +
+ + +## Printers policies + +
+
+ Printers/ApprovedUsbPrintDevices +
+
+ Printers/ApprovedUsbPrintDevicesUser +
+
+ Printers/EnableDeviceControl +
+
+ Printers/EnableDeviceControlUser +
+
+ Printers/PointAndPrintRestrictions +
+
+ Printers/PointAndPrintRestrictions_User +
+
+ Printers/PublishPrinters +
+
+ +> [!TIP] +> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + +
+ + +**Printers/ApprovedUsbPrintDevices** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is `/[,/]` + +Parent deliverable: 26209274 - Device Control: Printer + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevices* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + + +
+ + +**Printers/ApprovedUsbPrintDevicesUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. +The format of this setting is `/[,/]` + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *ApprovedUsbPrintDevicesUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + +
+ + +**Printers/EnableDeviceControl** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControl* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ + + +**Printers/EnableDeviceControlUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy implements the print portion of the Device Control requirements. +These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. +This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. + +The default value of the policy will be Unconfigured. + +If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. + +If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. + + + + + +ADMX Info: +- GP Friendly name: *Support for new Device Control Print feature* +- GP name: *EnableDeviceControlUser* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ + +**Printers/PointAndPrintRestrictions** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. + +If you enable this policy setting: + +- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. + +- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. + +If you do not configure this policy setting: + +- Windows Vista client computers can point and print to any server. + +- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. + +- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. + +- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. + +If you disable this policy setting: + +- Windows Vista client computers can create a printer connection to any server using Point and Print. + +- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. + +- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. + +- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. + +- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). + + + + +ADMX Info: +- GP Friendly name: *Point and Print Restrictions* +- GP name: *PointAndPrint_Restrictions_Win7* +- GP path: *Printers* +- GP ADMX file name: *Printing.admx* + + + +Example: + +```xml +Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions +Data type: String Value: + + + + + +``` + + + +
+ + +**Printers/PointAndPrintRestrictions_User** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. + +If you enable this policy setting: + +- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. + +- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. + +If you do not configure this policy setting: + +- Windows Vista client computers can point and print to any server. + +- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. + +- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. + +- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. + +If you disable this policy setting: + +- Windows Vista client computers can create a printer connection to any server using Point and Print. + +- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. + +- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. + +- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. + +- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). + + + +ADMX Info: +- GP Friendly name: *Point and Print Restrictions* +- GP name: *PointAndPrint_Restrictions* +- GP path: *Control Panel/Printers* +- GP ADMX file name: *Printing.admx* + + + + +
+ + +**Printers/PublishPrinters** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Determines whether the computer's shared printers can be published in Active Directory. + +If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. + +If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. + +Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". + + + + +ADMX Info: +- GP Friendly name: *Allow printers to be published* +- GP name: *PublishPrinters* +- GP path: *Printers* +- GP ADMX file name: *Printing2.admx* + + + +
+ + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 1b85a93de4..30083bd92b 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -335,6 +335,11 @@ items: items: - name: PassportForWork DDF file href: passportforwork-ddf.md + - name: PersonalDataEncryption CSP + href: personaldataencryption-csp.md + items: + - name: PersonalDataEncryption DDF file + href: personaldataencryption-ddf.md - name: Personalization CSP href: personalization-csp.md items: From 8148c61d7f29d64d2faf42385722c1007905d4af Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 9 Sep 2022 14:44:38 -0700 Subject: [PATCH 12/23] Removed it as a service reference. --- .../windows-autopatch/references/windows-autopatch-privacy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index fa5d7a9ffd..c90d19fae5 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -20,7 +20,7 @@ Windows Autopatch is a cloud service for enterprise customers designed to keep e Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources. -The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. The service also uses these Microsoft services to enable Windows Autopatch to provide IT as a Service (ITaaS) capabilities: +The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. | Data source | Purpose | | ------ | ------ | From fcbcb4bb56e9790bea2518d97a501943b93ca7d2 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 16:39:38 +0530 Subject: [PATCH 13/23] Updated --- .../client-management/mdm/personaldataencryption-csp.md | 8 ++++++-- windows/client-management/mdm/toc.yml | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index 1951ed7c94..fde868ec6f 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -24,9 +24,13 @@ The following shows the PersonalDataEncryption configuration service provider in -------- PersonalDataEncryptionStatus ``` -**EnablePersonalDataEncryption**: 0 is default (disabled). 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class (Windows.Security.DataProtection) - Windows UWP applications | Microsoft Docs](https://docs.microsoft.com/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). The public API allows apps running as the user to encrypt data as soon as this policy is enabled. This doesn't mean PDE is enabled as prerequisites must be met for this to happen. +**EnablePersonalDataEncryption**: +- 0 is default (disabled) +- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class (Windows.Security.DataProtection) - Windows UWP applications | Microsoft Docs](https://docs.microsoft.com/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). -**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE are not met, then this will report 0. If all prerequisites are met for PDE, PDE won't enabled and this will report 1. +The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled. + +**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, PDE won't be enabled, and the will be report 1. |Edition|Windows 10|Windows 11| diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 30083bd92b..763ffabe95 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -339,7 +339,7 @@ items: href: personaldataencryption-csp.md items: - name: PersonalDataEncryption DDF file - href: personaldataencryption-ddf.md + href: personaldataencryption-ddf-file.md - name: Personalization CSP href: personalization-csp.md items: From aa7dcaa0bd93aa224e8a7683cf91bd1991d17277 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 16:42:33 +0530 Subject: [PATCH 14/23] Delete policy-csp-personaldataencryption.md --- .../mdm/policy-csp-personaldataencryption.md | 547 ------------------ 1 file changed, 547 deletions(-) delete mode 100644 windows/client-management/mdm/policy-csp-personaldataencryption.md diff --git a/windows/client-management/mdm/policy-csp-personaldataencryption.md b/windows/client-management/mdm/policy-csp-personaldataencryption.md deleted file mode 100644 index ce1673fa34..0000000000 --- a/windows/client-management/mdm/policy-csp-personaldataencryption.md +++ /dev/null @@ -1,547 +0,0 @@ ---- -title: Policy CSP - Printers -description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers. -ms.author: dansimp -ms.topic: article -ms.prod: w10 -ms.technology: windows -author: dansimp -ms.localizationpriority: medium -ms.date: 09/27/2019 -ms.reviewer: -manager: dansimp ---- - -# Policy CSP - Printers - - - -
- - -## Printers policies - -
-
- Printers/ApprovedUsbPrintDevices -
-
- Printers/ApprovedUsbPrintDevicesUser -
-
- Printers/EnableDeviceControl -
-
- Printers/EnableDeviceControlUser -
-
- Printers/PointAndPrintRestrictions -
-
- Printers/PointAndPrintRestrictions_User -
-
- Printers/PublishPrinters -
-
- -> [!TIP] -> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -> -> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). -> -> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - -
- - -**Printers/ApprovedUsbPrintDevices** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. -This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. -The format of this setting is `/[,/]` - -Parent deliverable: 26209274 - Device Control: Printer - - - -ADMX Info: -- GP Friendly name: *Support for new Device Control Print feature* -- GP name: *ApprovedUsbPrintDevices* -- GP path: *Printers* -- GP ADMX file name: *Printing.admx* - - - - - -
- - -**Printers/ApprovedUsbPrintDevicesUser** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. -This policy will contain the comma separated list of approved USB Vid&Pid combinations which the print spooler will allow to print when Device Control is enabled. -The format of this setting is `/[,/]` - - - - -ADMX Info: -- GP Friendly name: *Support for new Device Control Print feature* -- GP name: *ApprovedUsbPrintDevicesUser* -- GP path: *Printers* -- GP ADMX file name: *Printing.admx* - - - -
- - -**Printers/EnableDeviceControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. -This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. - -The default value of the policy will be Unconfigured. - -If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. - -If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. - - - - - -ADMX Info: -- GP Friendly name: *Support for new Device Control Print feature* -- GP name: *EnableDeviceControl* -- GP path: *Printers* -- GP ADMX file name: *Printing.admx* - - - - -
- - - -**Printers/EnableDeviceControlUser** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -This policy implements the print portion of the Device Control requirements. -These requirements include restricting printing to USB connected printers which match a list of approved USB Vid/Pid combinations or to corporate connected printers while either directly connected to the corporate network or when using a VPN connection to the corporate network. -This policy will control whether the print spooler will attempt to restrict printing as part of Device Control. - -The default value of the policy will be Unconfigured. - -If the policy value is either Unconfigured or Disabled the print spooler will not restrict printing. - -If the policy value is Enabled the print spooler will restrict local printing to USB devices in the Approved Device list. - - - - - -ADMX Info: -- GP Friendly name: *Support for new Device Control Print feature* -- GP name: *EnableDeviceControlUser* -- GP path: *Printers* -- GP ADMX file name: *Printing.admx* - - - - -
- - -**Printers/PointAndPrintRestrictions** - - - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. - -If you enable this policy setting: - -- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. - -- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. - -If you do not configure this policy setting: - -- Windows Vista client computers can point and print to any server. - -- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. - -- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. - -- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - -If you disable this policy setting: - -- Windows Vista client computers can create a printer connection to any server using Point and Print. - -- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. - -- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. - -- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. - -- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - - - - -ADMX Info: -- GP Friendly name: *Point and Print Restrictions* -- GP name: *PointAndPrint_Restrictions_Win7* -- GP path: *Printers* -- GP ADMX file name: *Printing.admx* - - - -Example: - -```xml -Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions -Data type: String Value: - - - - - -``` - - - -
- - -**Printers/PointAndPrintRestrictions_User** - - - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * User - -
- - - -This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. - -If you enable this policy setting: - -- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. - -- You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. - -If you do not configure this policy setting: - -- Windows Vista client computers can point and print to any server. - -- Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print. - -- Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. - -- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print. - -If you disable this policy setting: - -- Windows Vista client computers can create a printer connection to any server using Point and Print. - -- Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print. - -- Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated. - -- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. - -- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - - - -ADMX Info: -- GP Friendly name: *Point and Print Restrictions* -- GP name: *PointAndPrint_Restrictions* -- GP path: *Control Panel/Printers* -- GP ADMX file name: *Printing.admx* - - - - -
- - -**Printers/PublishPrinters** - - - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -Determines whether the computer's shared printers can be published in Active Directory. - -If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. - -If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. - -Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". - - - - -ADMX Info: -- GP Friendly name: *Allow printers to be published* -- GP name: *PublishPrinters* -- GP path: *Printers* -- GP ADMX file name: *Printing2.admx* - - - -
- - - From 796c3600a44f7af567079cd689490d7e0e80e300 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 16:44:34 +0530 Subject: [PATCH 15/23] Update toc.yml --- windows/client-management/mdm/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 763ffabe95..e016de2e76 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -1,6 +1,6 @@ items: - name: Mobile device management - href: index.md + href: index.yml items: - name: What's new in MDM enrollment and management href: new-in-windows-mdm-enrollment-management.md From 4405549277dcc1f562fe925b42f50790d1815e1f Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 16:49:21 +0530 Subject: [PATCH 16/23] Update personaldataencryption-csp.md --- windows/client-management/mdm/personaldataencryption-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index fde868ec6f..7b7094ea8f 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -26,7 +26,7 @@ The following shows the PersonalDataEncryption configuration service provider in ``` **EnablePersonalDataEncryption**: - 0 is default (disabled) -- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class (Windows.Security.DataProtection) - Windows UWP applications | Microsoft Docs](https://docs.microsoft.com/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). +- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled. From 936f6dab39f5b8e6e428d4b3b5cbd05f74c08d16 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Sat, 10 Sep 2022 16:51:59 +0530 Subject: [PATCH 17/23] Update personaldataencryption-csp.md --- windows/client-management/mdm/personaldataencryption-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index 7b7094ea8f..a26d9eab47 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -26,7 +26,7 @@ The following shows the PersonalDataEncryption configuration service provider in ``` **EnablePersonalDataEncryption**: - 0 is default (disabled) -- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager?view=winrt-22621). +- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled. From f6a5c101abbd415262443420c9618e0c7fb96c98 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 12 Sep 2022 19:09:40 +0530 Subject: [PATCH 18/23] Update personaldataencryption-csp.md --- windows/client-management/mdm/personaldataencryption-csp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index a26d9eab47..0ab672b4b3 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -30,7 +30,9 @@ The following shows the PersonalDataEncryption configuration service provider in The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled. -**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, PDE won't be enabled, and the will be report 1. +**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, then PDE will be enabled and this will report 1. + +**Applicability**: The policy is only applicable on enterprise and education SKUs. |Edition|Windows 10|Windows 11| From 6593b7529153ee4aedf202bc39d66693573c1e5e Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 12 Sep 2022 19:10:43 +0530 Subject: [PATCH 19/23] Update personaldataencryption-csp.md --- windows/client-management/mdm/personaldataencryption-csp.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index 0ab672b4b3..2e9c1aa963 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -34,7 +34,6 @@ The public API allows the applications running as the user to encrypt data as so **Applicability**: The policy is only applicable on enterprise and education SKUs. - |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| From d3ef2cef6a3a518acbcb5b4c9be18c0555063bb6 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 12 Sep 2022 19:28:07 +0530 Subject: [PATCH 20/23] Update personaldataencryption-csp.md --- windows/client-management/mdm/personaldataencryption-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index 2e9c1aa963..b21b26bd08 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -32,7 +32,8 @@ The public API allows the applications running as the user to encrypt data as so **Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, then PDE will be enabled and this will report 1. -**Applicability**: The policy is only applicable on enterprise and education SKUs. +> [!Note] +> The policy is only applicable on Enterprise and Education SKUs. |Edition|Windows 10|Windows 11| |--- |--- |--- | From 3e82f9783accf8532114ea20ab99f8b011ba5887 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 12 Sep 2022 09:58:43 -0400 Subject: [PATCH 21/23] Update toc.yml --- windows/client-management/mdm/toc.yml | 1967 ++++++++++++------------- 1 file changed, 983 insertions(+), 984 deletions(-) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index e016de2e76..ca5fc61494 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -1,985 +1,984 @@ items: -- name: Mobile device management - href: index.yml - items: - - name: What's new in MDM enrollment and management - href: new-in-windows-mdm-enrollment-management.md - items: - - name: Change history for MDM documentation - href: change-history-for-mdm-documentation.md - - name: Mobile device enrollment - href: mobile-device-enrollment.md - items: - - name: MDM enrollment of Windows devices - href: mdm-enrollment-of-windows-devices.md - items: - - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal" - href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md - - name: Enroll a Windows 10 device automatically using Group Policy - href: enroll-a-windows-10-device-automatically-using-group-policy.md - - name: Federated authentication device enrollment - href: federated-authentication-device-enrollment.md - - name: Certificate authentication device enrollment - href: certificate-authentication-device-enrollment.md - - name: On-premises authentication device enrollment - href: on-premise-authentication-device-enrollment.md - - name: Understanding ADMX policies - href: understanding-admx-backed-policies.md - - name: Enable ADMX policies in MDM - href: enable-admx-backed-policies-in-mdm.md - - name: Win32 and Desktop Bridge app policy configuration - href: win32-and-centennial-app-policy-configuration.md - - name: Implement server-side support for mobile application management on Windows - href: implement-server-side-mobile-application-management.md - - name: Diagnose MDM failures in Windows 10 - href: diagnose-mdm-failures-in-windows-10.md - - name: Deploy and configure App-V apps using MDM - href: appv-deploy-and-config.md - - name: Azure Active Directory integration with MDM - href: azure-active-directory-integration-with-mdm.md - items: - - name: Add an Azure AD tenant and Azure AD subscription - href: add-an-azure-ad-tenant-and-azure-ad-subscription.md - - name: Register your free Azure Active Directory subscription - href: register-your-free-azure-active-directory-subscription.md - - name: Enterprise app management - href: enterprise-app-management.md - - name: Mobile device management (MDM) for device updates - href: device-update-management.md - - name: Bulk enrollment - href: bulk-enrollment-using-windows-provisioning-tool.md - - name: Secured-Core PC Configuration Lock - href: config-lock.md - - name: Management tool for the Microsoft Store for Business - href: management-tool-for-windows-store-for-business.md - items: - - name: REST API reference for Microsoft Store for Business - href: rest-api-reference-windows-store-for-business.md - items: - - name: Data structures for Microsoft Store for Business - href: data-structures-windows-store-for-business.md - - name: Get Inventory - href: get-inventory.md - - name: Get product details - href: get-product-details.md - - name: Get localized product details - href: get-localized-product-details.md - - name: Get offline license - href: get-offline-license.md - - name: Get product packages - href: get-product-packages.md - - name: Get product package - href: get-product-package.md - - name: Get seats - href: get-seats.md - - name: Get seat - href: get-seat.md - - name: Assign seats - href: assign-seats.md - - name: Reclaim seat from user - href: reclaim-seat-from-user.md - - name: Bulk assign and reclaim seats from users - href: bulk-assign-and-reclaim-seats-from-user.md - - name: Get seats assigned to a user - href: get-seats-assigned-to-a-user.md - - name: Certificate renewal - href: certificate-renewal-windows-mdm.md - - name: Disconnecting from the management infrastructure (unenrollment) - href: disconnecting-from-mdm-unenrollment.md - - name: Enterprise settings, policies, and app management - href: windows-mdm-enterprise-settings.md - - name: Push notification support for device management - href: push-notification-windows-mdm.md - - name: OMA DM protocol support - href: oma-dm-protocol-support.md - - name: Structure of OMA DM provisioning files - href: structure-of-oma-dm-provisioning-files.md - - name: Server requirements for OMA DM - href: server-requirements-windows-mdm.md - - name: DMProcessConfigXMLFiltered - href: dmprocessconfigxmlfiltered.md - - name: Using PowerShell scripting with the WMI Bridge Provider - href: using-powershell-scripting-with-the-wmi-bridge-provider.md - - name: WMI providers supported in Windows 10 - href: wmi-providers-supported-in-windows.md - - name: Configuration service provider reference - href: configuration-service-provider-reference.md - items: - - name: AccountManagement CSP - href: accountmanagement-csp.md - items: - - name: AccountManagement DDF file - href: accountmanagement-ddf.md - - name: Accounts CSP - href: accounts-csp.md - items: - - name: Accounts DDF file - href: accounts-ddf-file.md - - name: ActiveSync CSP - href: activesync-csp.md - items: - - name: ActiveSync DDF file - href: activesync-ddf-file.md - - name: AllJoynManagement CSP - href: alljoynmanagement-csp.md - items: - - name: AllJoynManagement DDF - href: alljoynmanagement-ddf.md - - name: APPLICATION CSP - href: application-csp.md - - name: ApplicationControl CSP - href: applicationcontrol-csp.md - items: - - name: ApplicationControl DDF file - href: applicationcontrol-csp-ddf.md - - name: AppLocker CSP - href: applocker-csp.md - items: - - name: AppLocker DDF file - href: applocker-ddf-file.md - - name: AppLocker XSD - href: applocker-xsd.md - - name: AssignedAccess CSP - href: assignedaccess-csp.md - items: - - name: AssignedAccess DDF file - href: assignedaccess-ddf.md - - name: BitLocker CSP - href: bitlocker-csp.md - items: - - name: BitLocker DDF file - href: bitlocker-ddf-file.md - - name: CellularSettings CSP - href: cellularsettings-csp.md - - name: CertificateStore CSP - href: certificatestore-csp.md - items: - - name: CertificateStore DDF file - href: certificatestore-ddf-file.md - - name: CleanPC CSP - href: cleanpc-csp.md - items: - - name: CleanPC DDF - href: cleanpc-ddf.md - - name: ClientCertificateInstall CSP - href: clientcertificateinstall-csp.md - items: - - name: ClientCertificateInstall DDF file - href: clientcertificateinstall-ddf-file.md - - name: CM_CellularEntries CSP - href: cm-cellularentries-csp.md - - name: CMPolicy CSP - href: cmpolicy-csp.md - - name: CMPolicyEnterprise CSP - href: cmpolicyenterprise-csp.md - items: - - name: CMPolicyEnterprise DDF file - href: cmpolicyenterprise-ddf-file.md - - name: CustomDeviceUI CSP - href: customdeviceui-csp.md - items: - - name: CustomDeviceUI DDF file - href: customdeviceui-ddf.md - - name: Defender CSP - href: defender-csp.md - items: - - name: Defender DDF file - href: defender-ddf.md - - name: DevDetail CSP - href: devdetail-csp.md - items: - - name: DevDetail DDF file - href: devdetail-ddf-file.md - - name: DeveloperSetup CSP - href: developersetup-csp.md - items: - - name: DeveloperSetup DDF - href: developersetup-ddf.md - - name: DeviceLock CSP - href: devicelock-csp.md - items: - - name: DeviceLock DDF file - href: devicelock-ddf-file.md - - name: DeviceManageability CSP - href: devicemanageability-csp.md - items: - - name: DeviceManageability DDF - href: devicemanageability-ddf.md - - name: DeviceStatus CSP - href: devicestatus-csp.md - items: - - name: DeviceStatus DDF - href: devicestatus-ddf.md - - name: DevInfo CSP - href: devinfo-csp.md - items: - - name: DevInfo DDF file - href: devinfo-ddf-file.md - - name: DiagnosticLog CSP - href: diagnosticlog-csp.md - items: - - name: DiagnosticLog DDF file - href: diagnosticlog-ddf.md - - name: DMAcc CSP - href: dmacc-csp.md - items: - - name: DMAcc DDF file - href: dmacc-ddf-file.md - - name: DMClient CSP - href: dmclient-csp.md - items: - - name: DMClient DDF file - href: dmclient-ddf-file.md - - name: DMSessionActions CSP - href: dmsessionactions-csp.md - items: - - name: DMSessionActions DDF file - href: dmsessionactions-ddf.md - - name: DynamicManagement CSP - href: dynamicmanagement-csp.md - items: - - name: DynamicManagement DDF file - href: dynamicmanagement-ddf.md - - name: EMAIL2 CSP - href: email2-csp.md - items: - - name: EMAIL2 DDF file - href: email2-ddf-file.md - - name: EnrollmentStatusTracking CSP - href: enrollmentstatustracking-csp.md - items: - - name: EnrollmentStatusTracking DDF file - href: enrollmentstatustracking-csp-ddf.md - - name: EnterpriseAPN CSP - href: enterpriseapn-csp.md - items: - - name: EnterpriseAPN DDF - href: enterpriseapn-ddf.md - - name: EnterpriseAppManagement CSP - href: enterpriseappmanagement-csp.md - - name: EnterpriseAppVManagement CSP - href: enterpriseappvmanagement-csp.md - items: - - name: EnterpriseAppVManagement DDF file - href: enterpriseappvmanagement-ddf.md - - name: EnterpriseDataProtection CSP - href: enterprisedataprotection-csp.md - items: - - name: EnterpriseDataProtection DDF file - href: enterprisedataprotection-ddf-file.md - - name: EnterpriseDesktopAppManagement CSP - href: enterprisedesktopappmanagement-csp.md - items: - - name: EnterpriseDesktopAppManagement DDF - href: enterprisedesktopappmanagement-ddf-file.md - - name: EnterpriseDesktopAppManagement XSD - href: enterprisedesktopappmanagement2-xsd.md - - name: EnterpriseModernAppManagement CSP - href: enterprisemodernappmanagement-csp.md - items: - - name: EnterpriseModernAppManagement DDF - href: enterprisemodernappmanagement-ddf.md - - name: EnterpriseModernAppManagement XSD - href: enterprisemodernappmanagement-xsd.md - - name: eUICCs CSP - href: euiccs-csp.md - items: - - name: eUICCs DDF file - href: euiccs-ddf-file.md - - name: Firewall CSP - href: firewall-csp.md - items: - - name: Firewall DDF file - href: firewall-ddf-file.md - - name: HealthAttestation CSP - href: healthattestation-csp.md - items: - - name: HealthAttestation DDF - href: healthattestation-ddf.md - - name: Messaging CSP - href: messaging-csp.md - items: - - name: Messaging DDF file - href: messaging-ddf.md - - name: MultiSIM CSP - href: multisim-csp.md - items: - - name: MultiSIM DDF file - href: multisim-ddf.md - - name: NAP CSP - href: nap-csp.md - - name: NAPDEF CSP - href: napdef-csp.md - - name: NetworkProxy CSP - href: networkproxy-csp.md - items: - - name: NetworkProxy DDF file - href: networkproxy-ddf.md - - name: NetworkQoSPolicy CSP - href: networkqospolicy-csp.md - items: - - name: NetworkQoSPolicy DDF file - href: networkqospolicy-ddf.md - - name: NodeCache CSP - href: nodecache-csp.md - items: - - name: NodeCache DDF file - href: nodecache-ddf-file.md - - name: Office CSP - href: office-csp.md - items: - - name: Office DDF - href: office-ddf.md - - name: PassportForWork CSP - href: passportforwork-csp.md - items: - - name: PassportForWork DDF file - href: passportforwork-ddf.md - - name: PersonalDataEncryption CSP - href: personaldataencryption-csp.md - items: - - name: PersonalDataEncryption DDF file - href: personaldataencryption-ddf-file.md - - name: Personalization CSP - href: personalization-csp.md - items: - - name: Personalization DDF file - href: personalization-ddf.md - - name: Policy CSP - href: policy-configuration-service-provider.md - items: - - name: Policy CSP DDF file - href: policy-ddf-file.md - - name: Policies in Policy CSP supported by Group Policy - href: policies-in-policy-csp-supported-by-group-policy.md - - name: ADMX policies in Policy CSP - href: policies-in-policy-csp-admx-backed.md - - name: Policies in Policy CSP supported by HoloLens 2 - href: policies-in-policy-csp-supported-by-hololens2.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite - href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md - - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition - href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md - - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise - href: ./configuration-service-provider-reference.md - - name: Policies in Policy CSP supported by Windows 10 IoT Core - href: policies-in-policy-csp-supported-by-iot-core.md - - name: Policies in Policy CSP supported by Microsoft Surface Hub - href: policies-in-policy-csp-supported-by-surface-hub.md - - name: Policy CSPs that can be set using Exchange Active Sync (EAS) - href: policies-in-policy-csp-that-can-be-set-using-eas.md - - name: AboveLock - href: policy-csp-abovelock.md - - name: Accounts - href: policy-csp-accounts.md - - name: ActiveXControls - href: policy-csp-activexcontrols.md - - name: ADMX_ActiveXInstallService - href: policy-csp-admx-activexinstallservice.md - - name: ADMX_AddRemovePrograms - href: policy-csp-admx-addremoveprograms.md - - name: ADMX_AdmPwd - href: policy-csp-admx-admpwd.md - - name: ADMX_AppCompat - href: policy-csp-admx-appcompat.md - - name: ADMX_AppxPackageManager - href: policy-csp-admx-appxpackagemanager.md - - name: ADMX_AppXRuntime - href: policy-csp-admx-appxruntime.md - - name: ADMX_AttachmentManager - href: policy-csp-admx-attachmentmanager.md - - name: ADMX_AuditSettings - href: policy-csp-admx-auditsettings.md - - name: ADMX_Bits - href: policy-csp-admx-bits.md - - name: ADMX_CipherSuiteOrder - href: policy-csp-admx-ciphersuiteorder.md - - name: ADMX_COM - href: policy-csp-admx-com.md - - name: ADMX_ControlPanel - href: policy-csp-admx-controlpanel.md - - name: ADMX_ControlPanelDisplay - href: policy-csp-admx-controlpaneldisplay.md - - name: ADMX_Cpls - href: policy-csp-admx-cpls.md - - name: ADMX_CredentialProviders - href: policy-csp-admx-credentialproviders.md - - name: ADMX_CredSsp - href: policy-csp-admx-credssp.md - - name: ADMX_CredUI - href: policy-csp-admx-credui.md - - name: ADMX_CtrlAltDel - href: policy-csp-admx-ctrlaltdel.md - - name: ADMX_DataCollection - href: policy-csp-admx-datacollection.md - - name: ADMX_DCOM - href: policy-csp-admx-dcom.md - - name: ADMX_Desktop - href: policy-csp-admx-desktop.md - - name: ADMX_DeviceCompat - href: policy-csp-admx-devicecompat.md - - name: ADMX_DeviceGuard - href: policy-csp-admx-deviceguard.md - - name: ADMX_DeviceInstallation - href: policy-csp-admx-deviceinstallation.md - - name: ADMX_DeviceSetup - href: policy-csp-admx-devicesetup.md - - name: ADMX_DFS - href: policy-csp-admx-dfs.md - - name: ADMX_DigitalLocker - href: policy-csp-admx-digitallocker.md - - name: ADMX_DiskDiagnostic - href: policy-csp-admx-diskdiagnostic.md - - name: ADMX_DistributedLinkTracking - href: policy-csp-admx-distributedlinktracking.md - - name: ADMX_DnsClient - href: policy-csp-admx-dnsclient.md - - name: ADMX_DWM - href: policy-csp-admx-dwm.md - - name: ADMX_EAIME - href: policy-csp-admx-eaime.md - - name: ADMX_EncryptFilesonMove - href: policy-csp-admx-encryptfilesonmove.md - - name: ADMX_EventLogging - href: policy-csp-admx-eventlogging.md - - name: ADMX_EnhancedStorage - href: policy-csp-admx-enhancedstorage.md - - name: ADMX_ErrorReporting - href: policy-csp-admx-errorreporting.md - - name: ADMX_EventForwarding - href: policy-csp-admx-eventforwarding.md - - name: ADMX_EventLog - href: policy-csp-admx-eventlog.md - - name: ADMX_EventViewer - href: policy-csp-admx-eventviewer.md - - name: ADMX_Explorer - href: policy-csp-admx-explorer.md - - name: ADMX_ExternalBoot - href: policy-csp-admx-externalboot.md - - name: ADMX_FileRecovery - href: policy-csp-admx-filerecovery.md - - name: ADMX_FileRevocation - href: policy-csp-admx-filerevocation.md - - name: ADMX_FileServerVSSProvider - href: policy-csp-admx-fileservervssprovider.md - - name: ADMX_FileSys - href: policy-csp-admx-filesys.md - - name: ADMX_FolderRedirection - href: policy-csp-admx-folderredirection.md - - name: ADMX_FramePanes - href: policy-csp-admx-framepanes.md - - name: ADMX_FTHSVC - href: policy-csp-admx-fthsvc.md - - name: ADMX_Globalization - href: policy-csp-admx-globalization.md - - name: ADMX_GroupPolicy - href: policy-csp-admx-grouppolicy.md - - name: ADMX_Help - href: policy-csp-admx-help.md - - name: ADMX_HelpAndSupport - href: policy-csp-admx-helpandsupport.md - - name: ADMX_HotSpotAuth - href: policy-csp-admx-hotspotauth.md - - name: ADMX_ICM - href: policy-csp-admx-icm.md - - name: ADMX_IIS - href: policy-csp-admx-iis.md - - name: ADMX_iSCSI - href: policy-csp-admx-iscsi.md - - name: ADMX_kdc - href: policy-csp-admx-kdc.md - - name: ADMX_Kerberos - href: policy-csp-admx-kerberos.md - - name: ADMX_LanmanServer - href: policy-csp-admx-lanmanserver.md - - name: ADMX_LanmanWorkstation - href: policy-csp-admx-lanmanworkstation.md - - name: ADMX_LeakDiagnostic - href: policy-csp-admx-leakdiagnostic.md - - name: ADMX_LinkLayerTopologyDiscovery - href: policy-csp-admx-linklayertopologydiscovery.md - - name: ADMX_LocationProviderAdm - href: policy-csp-admx-locationprovideradm.md - - name: ADMX_Logon - href: policy-csp-admx-logon.md - - name: ADMX_MicrosoftDefenderAntivirus - href: policy-csp-admx-microsoftdefenderantivirus.md - - name: ADMX_MMC - href: policy-csp-admx-mmc.md - - name: ADMX_MMCSnapins - href: policy-csp-admx-mmcsnapins.md - - name: ADMX_MobilePCMobilityCenter - href: policy-csp-admx-mobilepcmobilitycenter.md - - name: ADMX_MobilePCPresentationSettings - href: policy-csp-admx-mobilepcpresentationsettings.md - - name: ADMX_MSAPolicy - href: policy-csp-admx-msapolicy.md - - name: ADMX_msched - href: policy-csp-admx-msched.md - - name: ADMX_MSDT - href: policy-csp-admx-msdt.md - - name: ADMX_MSI - href: policy-csp-admx-msi.md - - name: ADMX_MsiFileRecovery - href: policy-csp-admx-msifilerecovery.md - - name: ADMX_nca - href: policy-csp-admx-nca.md - - name: ADMX_NCSI - href: policy-csp-admx-ncsi.md - - name: ADMX_Netlogon - href: policy-csp-admx-netlogon.md - - name: ADMX_NetworkConnections - href: policy-csp-admx-networkconnections.md - - name: ADMX_OfflineFiles - href: policy-csp-admx-offlinefiles.md - - name: ADMX_pca - href: policy-csp-admx-pca.md - - name: ADMX_PeerToPeerCaching - href: policy-csp-admx-peertopeercaching.md - - name: ADMX_PenTraining - href: policy-csp-admx-pentraining.md - - name: ADMX_PerformanceDiagnostics - href: policy-csp-admx-performancediagnostics.md - - name: ADMX_Power - href: policy-csp-admx-power.md - - name: ADMX_PowerShellExecutionPolicy - href: policy-csp-admx-powershellexecutionpolicy.md - - name: ADMX_PreviousVersions - href: policy-csp-admx-previousversions.md - - name: ADMX_Printing - href: policy-csp-admx-printing.md - - name: ADMX_Printing2 - href: policy-csp-admx-printing2.md - - name: ADMX_Programs - href: policy-csp-admx-programs.md - - name: ADMX_Reliability - href: policy-csp-admx-reliability.md - - name: ADMX_RemoteAssistance - href: policy-csp-admx-remoteassistance.md - - name: ADMX_RemovableStorage - href: policy-csp-admx-removablestorage.md - - name: ADMX_RPC - href: policy-csp-admx-rpc.md - - name: ADMX_Scripts - href: policy-csp-admx-scripts.md - - name: ADMX_sdiageng - href: policy-csp-admx-sdiageng.md - - name: ADMX_sdiagschd - href: policy-csp-admx-sdiagschd.md - - name: ADMX_Securitycenter - href: policy-csp-admx-securitycenter.md - - name: ADMX_Sensors - href: policy-csp-admx-sensors.md - - name: ADMX_ServerManager - href: policy-csp-admx-servermanager.md - - name: ADMX_Servicing - href: policy-csp-admx-servicing.md - - name: ADMX_SettingSync - href: policy-csp-admx-settingsync.md - - name: ADMX_SharedFolders - href: policy-csp-admx-sharedfolders.md - - name: ADMX_Sharing - href: policy-csp-admx-sharing.md - - name: ADMX_ShellCommandPromptRegEditTools - href: policy-csp-admx-shellcommandpromptregedittools.md - - name: ADMX_Smartcard - href: policy-csp-admx-smartcard.md - - name: ADMX_Snmp - href: policy-csp-admx-snmp.md - - name: ADMX_StartMenu - href: policy-csp-admx-startmenu.md - - name: ADMX_SystemRestore - href: policy-csp-admx-systemrestore.md - - name: ADMX_TabletShell - href: policy-csp-admx-tabletshell.md - - name: ADMX_Taskbar - href: policy-csp-admx-taskbar.md - - name: ADMX_tcpip - href: policy-csp-admx-tcpip.md - - name: ADMX_TerminalServer - href: policy-csp-admx-terminalserver.md - - name: ADMX_Thumbnails - href: policy-csp-admx-thumbnails.md - - name: ADMX_TouchInput - href: policy-csp-admx-touchinput.md - - name: ADMX_TPM - href: policy-csp-admx-tpm.md - - name: ADMX_UserExperienceVirtualization - href: policy-csp-admx-userexperiencevirtualization.md - - name: ADMX_UserProfiles - href: policy-csp-admx-userprofiles.md - - name: ADMX_W32Time - href: policy-csp-admx-w32time.md - - name: ADMX_WCM - href: policy-csp-admx-wcm.md - - name: ADMX_WDI - href: policy-csp-admx-wdi.md - - name: ADMX_WinCal - href: policy-csp-admx-wincal.md - - name: ADMX_WindowsConnectNow - href: policy-csp-admx-windowsconnectnow.md - - name: ADMX_WindowsExplorer - href: policy-csp-admx-windowsexplorer.md - - name: ADMX_WindowsMediaDRM - href: policy-csp-admx-windowsmediadrm.md - - name: ADMX_WindowsMediaPlayer - href: policy-csp-admx-windowsmediaplayer.md - - name: ADMX_WindowsRemoteManagement - href: policy-csp-admx-windowsremotemanagement.md - - name: ADMX_WindowsStore - href: policy-csp-admx-windowsstore.md - - name: ADMX_WinInit - href: policy-csp-admx-wininit.md - - name: ADMX_WinLogon - href: policy-csp-admx-winlogon.md - - name: ADMX-Winsrv - href: policy-csp-admx-winsrv.md - - name: ADMX_wlansvc - href: policy-csp-admx-wlansvc.md - - name: ADMX_WordWheel - href: policy-csp-admx-wordwheel.md - - name: ADMX_WorkFoldersClient - href: policy-csp-admx-workfoldersclient.md - - name: ADMX_WPN - href: policy-csp-admx-wpn.md - - name: ApplicationDefaults - href: policy-csp-applicationdefaults.md - - name: ApplicationManagement - href: policy-csp-applicationmanagement.md - - name: AppRuntime - href: policy-csp-appruntime.md - - name: AppVirtualization - href: policy-csp-appvirtualization.md - - name: AttachmentManager - href: policy-csp-attachmentmanager.md - - name: Audit - href: policy-csp-audit.md - - name: Authentication - href: policy-csp-authentication.md - - name: Autoplay - href: policy-csp-autoplay.md - - name: BitLocker - href: policy-csp-bitlocker.md - - name: BITS - href: policy-csp-bits.md - - name: Bluetooth - href: policy-csp-bluetooth.md - - name: Browser - href: policy-csp-browser.md - - name: Camera - href: policy-csp-camera.md - - name: Cellular - href: policy-csp-cellular.md - - name: Connectivity - href: policy-csp-connectivity.md - - name: ControlPolicyConflict - href: policy-csp-controlpolicyconflict.md - - name: CredentialsDelegation - href: policy-csp-credentialsdelegation.md - - name: CredentialProviders - href: policy-csp-credentialproviders.md - - name: CredentialsUI - href: policy-csp-credentialsui.md - - name: Cryptography - href: policy-csp-cryptography.md - - name: DataProtection - href: policy-csp-dataprotection.md - - name: DataUsage - href: policy-csp-datausage.md - - name: Defender - href: policy-csp-defender.md - - name: DeliveryOptimization - href: policy-csp-deliveryoptimization.md - - name: Desktop - href: policy-csp-desktop.md - - name: DeviceGuard - href: policy-csp-deviceguard.md - - name: DeviceHealthMonitoring - href: policy-csp-devicehealthmonitoring.md - - name: DeviceInstallation - href: policy-csp-deviceinstallation.md - - name: DeviceLock - href: policy-csp-devicelock.md - - name: Display - href: policy-csp-display.md - - name: DmaGuard - href: policy-csp-dmaguard.md - - name: EAP - href: policy-csp-eap.md - - name: Education - href: policy-csp-education.md - - name: EnterpriseCloudPrint - href: policy-csp-enterprisecloudprint.md - - name: ErrorReporting - href: policy-csp-errorreporting.md - - name: EventLogService - href: policy-csp-eventlogservice.md - - name: Experience - href: policy-csp-experience.md - - name: ExploitGuard - href: policy-csp-exploitguard.md - - name: Feeds - href: policy-csp-feeds.md - - name: FileExplorer - href: policy-csp-fileexplorer.md - - name: Games - href: policy-csp-games.md - - name: Handwriting - href: policy-csp-handwriting.md - - name: HumanPresence - href: policy-csp-humanpresence.md - - name: InternetExplorer - href: policy-csp-internetexplorer.md - - name: Kerberos - href: policy-csp-kerberos.md - - name: KioskBrowser - href: policy-csp-kioskbrowser.md - - name: LanmanWorkstation - href: policy-csp-lanmanworkstation.md - - name: Licensing - href: policy-csp-licensing.md - - name: LocalPoliciesSecurityOptions - href: policy-csp-localpoliciessecurityoptions.md - - name: LocalUsersAndGroups - href: policy-csp-localusersandgroups.md - - name: LockDown - href: policy-csp-lockdown.md - - name: Maps - href: policy-csp-maps.md - - name: MemoryDump - href: policy-csp-memorydump.md - - name: Messaging - href: policy-csp-messaging.md - - name: MixedReality - href: policy-csp-mixedreality.md - - name: MSSecurityGuide - href: policy-csp-mssecurityguide.md - - name: MSSLegacy - href: policy-csp-msslegacy.md - - name: Multitasking - href: policy-csp-multitasking.md - - name: NetworkIsolation - href: policy-csp-networkisolation.md - - name: NetworkListManager - href: policy-csp-networklistmanager.md - - name: NewsAndInterests - href: policy-csp-newsandinterests.md - - name: Notifications - href: policy-csp-notifications.md - - name: Power - href: policy-csp-power.md - - name: Printers - href: policy-csp-printers.md - - name: Privacy - href: policy-csp-privacy.md - - name: RemoteAssistance - href: policy-csp-remoteassistance.md - - name: RemoteDesktop - href: policy-csp-remotedesktop.md - - name: RemoteDesktopServices - href: policy-csp-remotedesktopservices.md - - name: RemoteManagement - href: policy-csp-remotemanagement.md - - name: RemoteProcedureCall - href: policy-csp-remoteprocedurecall.md - - name: RemoteShell - href: policy-csp-remoteshell.md - - name: RestrictedGroups - href: policy-csp-restrictedgroups.md - - name: Search - href: policy-csp-search.md - - name: Security - href: policy-csp-security.md - - name: ServiceControlManager - href: policy-csp-servicecontrolmanager.md - - name: Settings - href: policy-csp-settings.md - - name: Speech - href: policy-csp-speech.md - - name: Start - href: policy-csp-start.md - - name: Storage - href: policy-csp-storage.md - - name: System - href: policy-csp-system.md - - name: SystemServices - href: policy-csp-systemservices.md - - name: TaskManager - href: policy-csp-taskmanager.md - - name: TaskScheduler - href: policy-csp-taskscheduler.md - - name: TextInput - href: policy-csp-textinput.md - - name: TimeLanguageSettings - href: policy-csp-timelanguagesettings.md - - name: Troubleshooting - href: policy-csp-troubleshooting.md - - name: Update - href: policy-csp-update.md - - name: UserRights - href: policy-csp-userrights.md - - name: VirtualizationBasedTechnology - href: policy-csp-virtualizationbasedtechnology.md - - name: Wifi - href: policy-csp-wifi.md - - name: WindowsAutoPilot - href: policy-csp-windowsautopilot.md - - name: WindowsConnectionManager - href: policy-csp-windowsconnectionmanager.md - - name: WindowsDefenderSecurityCenter - href: policy-csp-windowsdefendersecuritycenter.md - - name: WindowsDefenderSmartScreen - href: policy-csp-smartscreen.md - - name: WindowsInkWorkspace - href: policy-csp-windowsinkworkspace.md - - name: WindowsLogon - href: policy-csp-windowslogon.md - - name: WindowsPowerShell - href: policy-csp-windowspowershell.md - - name: WindowsSandbox - href: policy-csp-windowssandbox.md - - name: WirelessDisplay - href: policy-csp-wirelessdisplay.md - - name: PolicyManager CSP - href: policymanager-csp.md - - name: Provisioning CSP - href: provisioning-csp.md - - name: PROXY CSP - href: proxy-csp.md - - name: PXLOGICAL CSP - href: pxlogical-csp.md - - name: Reboot CSP - href: reboot-csp.md - items: - - name: Reboot DDF file - href: reboot-ddf-file.md - - name: RemoteFind CSP - href: remotefind-csp.md - items: - - name: RemoteFind DDF file - href: remotefind-ddf-file.md - - name: RemoteRing CSP - href: remotering-csp.md - items: - - name: RemoteRing DDF file - href: remotering-ddf-file.md - - name: RemoteWipe CSP - href: remotewipe-csp.md - items: - - name: RemoteWipe DDF file - href: remotewipe-ddf-file.md - - name: Reporting CSP - href: reporting-csp.md - items: - - name: Reporting DDF file - href: reporting-ddf-file.md - - name: RootCATrustedCertificates CSP - href: rootcacertificates-csp.md - items: - - name: RootCATrustedCertificates DDF file - href: rootcacertificates-ddf-file.md - - name: SecureAssessment CSP - href: secureassessment-csp.md - items: - - name: SecureAssessment DDF file - href: secureassessment-ddf-file.md - - name: SecurityPolicy CSP - href: securitypolicy-csp.md - - name: SharedPC CSP - href: sharedpc-csp.md - items: - - name: SharedPC DDF file - href: sharedpc-ddf-file.md - - name: Storage CSP - href: storage-csp.md - items: - - name: Storage DDF file - href: storage-ddf-file.md - - name: SUPL CSP - href: supl-csp.md - items: - - name: SUPL DDF file - href: supl-ddf-file.md - - name: SurfaceHub CSP - href: surfacehub-csp.md - items: - - name: SurfaceHub DDF file - href: surfacehub-ddf-file.md - - name: TenantLockdown CSP - href: tenantlockdown-csp.md - items: - - name: TenantLockdown DDF file - href: tenantlockdown-ddf.md - - name: TPMPolicy CSP - href: tpmpolicy-csp.md - items: - - name: TPMPolicy DDF file - href: tpmpolicy-ddf-file.md - - name: UEFI CSP - href: uefi-csp.md - items: - - name: UEFI DDF file - href: uefi-ddf.md - - name: UnifiedWriteFilter CSP - href: unifiedwritefilter-csp.md - items: - - name: UnifiedWriteFilter DDF file - href: unifiedwritefilter-ddf.md - - name: Update CSP - href: update-csp.md - items: - - name: Update DDF file - href: update-ddf-file.md - - name: VPN CSP - href: vpn-csp.md - items: - - name: VPN DDF file - href: vpn-ddf-file.md - - name: VPNv2 CSP - href: vpnv2-csp.md - items: - - name: VPNv2 DDF file - href: vpnv2-ddf-file.md - - name: ProfileXML XSD - href: vpnv2-profile-xsd.md - - name: EAP configuration - href: eap-configuration.md - - name: w4 APPLICATION CSP - href: w4-application-csp.md - - name: w7 APPLICATION CSP - href: w7-application-csp.md - - name: WiFi CSP - href: wifi-csp.md - items: - - name: WiFi DDF file - href: wifi-ddf-file.md - - name: Win32AppInventory CSP - href: win32appinventory-csp.md - items: - - name: Win32AppInventory DDF file - href: win32appinventory-ddf-file.md - - name: Win32CompatibilityAppraiser CSP - href: win32compatibilityappraiser-csp.md - items: - - name: Win32CompatibilityAppraiser DDF file - href: win32compatibilityappraiser-ddf.md - - name: WindowsAdvancedThreatProtection CSP - href: windowsadvancedthreatprotection-csp.md - items: - - name: WindowsAdvancedThreatProtection DDF file - href: windowsadvancedthreatprotection-ddf.md - - name: WindowsDefenderApplicationGuard CSP - href: windowsdefenderapplicationguard-csp.md - items: - - name: WindowsDefenderApplicationGuard DDF file - href: windowsdefenderapplicationguard-ddf-file.md - - name: WindowsLicensing CSP - href: windowslicensing-csp.md - items: - - name: WindowsLicensing DDF file - href: windowslicensing-ddf-file.md - - name: WiredNetwork CSP - href: wirednetwork-csp.md - items: - - name: WiredNetwork DDF file - href: wirednetwork-ddf-file.md + - name: Mobile Device Management + href: index.yml + items: + - name: Overview + items: + - name: MDM overview + href: mdm-overview.md + - name: What's new in MDM enrollment and management + href: new-in-windows-mdm-enrollment-management.md + - name: Change history for MDM documentation + href: change-history-for-mdm-documentation.md + - name: Azure Active Directory integration with MDM + href: azure-active-directory-integration-with-mdm.md + items: + - name: Add an Azure AD tenant and Azure AD subscription + href: add-an-azure-ad-tenant-and-azure-ad-subscription.md + - name: Register your free Azure Active Directory subscription + href: register-your-free-azure-active-directory-subscription.md + - name: Device enrollment + href: mobile-device-enrollment.md + items: + - name: MDM enrollment of Windows devices + href: mdm-enrollment-of-windows-devices.md + - name: "Azure AD and Microsoft Intune: Automatic MDM enrollment" + href: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md + - name: Enroll a Windows 10 device automatically using Group Policy + href: enroll-a-windows-10-device-automatically-using-group-policy.md + - name: Bulk enrollment + href: bulk-enrollment-using-windows-provisioning-tool.md + - name: Federated authentication device enrollment + href: federated-authentication-device-enrollment.md + - name: Certificate authentication device enrollment + href: certificate-authentication-device-enrollment.md + - name: On-premises authentication device enrollment + href: on-premise-authentication-device-enrollment.md + - name: Disconnecting a device from MDM (unenrollment) + href: disconnecting-from-mdm-unenrollment.md + - name: Understanding ADMX policies + href: understanding-admx-backed-policies.md + items: + - name: Enable ADMX policies in MDM + href: enable-admx-backed-policies-in-mdm.md + - name: Win32 and Desktop Bridge app policy configuration + href: win32-and-centennial-app-policy-configuration.md + - name: Enterprise settings, policies, and app management + href: windows-mdm-enterprise-settings.md + items: + - name: Enterprise app management + href: enterprise-app-management.md + items: + - name: Deploy and configure App-V apps using MDM + href: appv-deploy-and-config.md + - name: Management tool for the Microsoft Store for Business + href: management-tool-for-windows-store-for-business.md + - name: REST API reference for Microsoft Store for Business + href: rest-api-reference-windows-store-for-business.md + items: + - name: Data structures for Microsoft Store for Business + href: data-structures-windows-store-for-business.md + - name: Get Inventory + href: get-inventory.md + - name: Get product details + href: get-product-details.md + - name: Get localized product details + href: get-localized-product-details.md + - name: Get offline license + href: get-offline-license.md + - name: Get product packages + href: get-product-packages.md + - name: Get product package + href: get-product-package.md + - name: Get seats + href: get-seats.md + - name: Get seat + href: get-seat.md + - name: Assign seats + href: assign-seats.md + - name: Reclaim seat from user + href: reclaim-seat-from-user.md + - name: Bulk assign and reclaim seats from users + href: bulk-assign-and-reclaim-seats-from-user.md + - name: Get seats assigned to a user + href: get-seats-assigned-to-a-user.md + - name: Mobile device management (MDM) for device updates + href: device-update-management.md + - name: Secured-Core PC Configuration Lock + href: config-lock.md + - name: Certificate renewal + href: certificate-renewal-windows-mdm.md + - name: Using PowerShell scripting with the WMI Bridge Provider + href: using-powershell-scripting-with-the-wmi-bridge-provider.md + - name: WMI providers supported in Windows 10 + href: wmi-providers-supported-in-windows.md + - name: Diagnose MDM failures in Windows 10 + href: diagnose-mdm-failures-in-windows-10.md + - name: Push notification support for device management + href: push-notification-windows-mdm.md + - name: MAM support for device management + href: implement-server-side-mobile-application-management.md + - name: OMA DM protocol support + href: oma-dm-protocol-support.md + items: + - name: Structure of OMA DM provisioning files + href: structure-of-oma-dm-provisioning-files.md + - name: Server requirements for OMA DM + href: server-requirements-windows-mdm.md + - name: DMProcessConfigXMLFiltered + href: dmprocessconfigxmlfiltered.md + - name: Configuration service provider reference + href: configuration-service-provider-reference.md + items: + - name: AccountManagement CSP + href: accountmanagement-csp.md + items: + - name: AccountManagement DDF file + href: accountmanagement-ddf.md + - name: Accounts CSP + href: accounts-csp.md + items: + - name: Accounts DDF file + href: accounts-ddf-file.md + - name: ActiveSync CSP + href: activesync-csp.md + items: + - name: ActiveSync DDF file + href: activesync-ddf-file.md + - name: AllJoynManagement CSP + href: alljoynmanagement-csp.md + items: + - name: AllJoynManagement DDF + href: alljoynmanagement-ddf.md + - name: APPLICATION CSP + href: application-csp.md + - name: ApplicationControl CSP + href: applicationcontrol-csp.md + items: + - name: ApplicationControl DDF file + href: applicationcontrol-csp-ddf.md + - name: AppLocker CSP + href: applocker-csp.md + items: + - name: AppLocker DDF file + href: applocker-ddf-file.md + - name: AppLocker XSD + href: applocker-xsd.md + - name: AssignedAccess CSP + href: assignedaccess-csp.md + items: + - name: AssignedAccess DDF file + href: assignedaccess-ddf.md + - name: BitLocker CSP + href: bitlocker-csp.md + items: + - name: BitLocker DDF file + href: bitlocker-ddf-file.md + - name: CellularSettings CSP + href: cellularsettings-csp.md + - name: CertificateStore CSP + href: certificatestore-csp.md + items: + - name: CertificateStore DDF file + href: certificatestore-ddf-file.md + - name: CleanPC CSP + href: cleanpc-csp.md + items: + - name: CleanPC DDF + href: cleanpc-ddf.md + - name: ClientCertificateInstall CSP + href: clientcertificateinstall-csp.md + items: + - name: ClientCertificateInstall DDF file + href: clientcertificateinstall-ddf-file.md + - name: CM_CellularEntries CSP + href: cm-cellularentries-csp.md + - name: CMPolicy CSP + href: cmpolicy-csp.md + - name: CMPolicyEnterprise CSP + href: cmpolicyenterprise-csp.md + items: + - name: CMPolicyEnterprise DDF file + href: cmpolicyenterprise-ddf-file.md + - name: CustomDeviceUI CSP + href: customdeviceui-csp.md + items: + - name: CustomDeviceUI DDF file + href: customdeviceui-ddf.md + - name: Defender CSP + href: defender-csp.md + items: + - name: Defender DDF file + href: defender-ddf.md + - name: DevDetail CSP + href: devdetail-csp.md + items: + - name: DevDetail DDF file + href: devdetail-ddf-file.md + - name: DeveloperSetup CSP + href: developersetup-csp.md + items: + - name: DeveloperSetup DDF + href: developersetup-ddf.md + - name: DeviceLock CSP + href: devicelock-csp.md + items: + - name: DeviceLock DDF file + href: devicelock-ddf-file.md + - name: DeviceManageability CSP + href: devicemanageability-csp.md + items: + - name: DeviceManageability DDF + href: devicemanageability-ddf.md + - name: DeviceStatus CSP + href: devicestatus-csp.md + items: + - name: DeviceStatus DDF + href: devicestatus-ddf.md + - name: DevInfo CSP + href: devinfo-csp.md + items: + - name: DevInfo DDF file + href: devinfo-ddf-file.md + - name: DiagnosticLog CSP + href: diagnosticlog-csp.md + items: + - name: DiagnosticLog DDF file + href: diagnosticlog-ddf.md + - name: DMAcc CSP + href: dmacc-csp.md + items: + - name: DMAcc DDF file + href: dmacc-ddf-file.md + - name: DMClient CSP + href: dmclient-csp.md + items: + - name: DMClient DDF file + href: dmclient-ddf-file.md + - name: DMSessionActions CSP + href: dmsessionactions-csp.md + items: + - name: DMSessionActions DDF file + href: dmsessionactions-ddf.md + - name: DynamicManagement CSP + href: dynamicmanagement-csp.md + items: + - name: DynamicManagement DDF file + href: dynamicmanagement-ddf.md + - name: EMAIL2 CSP + href: email2-csp.md + items: + - name: EMAIL2 DDF file + href: email2-ddf-file.md + - name: EnrollmentStatusTracking CSP + href: enrollmentstatustracking-csp.md + items: + - name: EnrollmentStatusTracking DDF file + href: enrollmentstatustracking-csp-ddf.md + - name: EnterpriseAPN CSP + href: enterpriseapn-csp.md + items: + - name: EnterpriseAPN DDF + href: enterpriseapn-ddf.md + - name: EnterpriseAppVManagement CSP + href: enterpriseappvmanagement-csp.md + items: + - name: EnterpriseAppVManagement DDF file + href: enterpriseappvmanagement-ddf.md + - name: EnterpriseDataProtection CSP + href: enterprisedataprotection-csp.md + items: + - name: EnterpriseDataProtection DDF file + href: enterprisedataprotection-ddf-file.md + - name: EnterpriseDesktopAppManagement CSP + href: enterprisedesktopappmanagement-csp.md + items: + - name: EnterpriseDesktopAppManagement DDF + href: enterprisedesktopappmanagement-ddf-file.md + - name: EnterpriseDesktopAppManagement XSD + href: enterprisedesktopappmanagement2-xsd.md + - name: EnterpriseModernAppManagement CSP + href: enterprisemodernappmanagement-csp.md + items: + - name: EnterpriseModernAppManagement DDF + href: enterprisemodernappmanagement-ddf.md + - name: EnterpriseModernAppManagement XSD + href: enterprisemodernappmanagement-xsd.md + - name: eUICCs CSP + href: euiccs-csp.md + items: + - name: eUICCs DDF file + href: euiccs-ddf-file.md + - name: Firewall CSP + href: firewall-csp.md + items: + - name: Firewall DDF file + href: firewall-ddf-file.md + - name: HealthAttestation CSP + href: healthattestation-csp.md + items: + - name: HealthAttestation DDF + href: healthattestation-ddf.md + - name: MultiSIM CSP + href: multisim-csp.md + items: + - name: MultiSIM DDF file + href: multisim-ddf.md + - name: NAP CSP + href: nap-csp.md + - name: NAPDEF CSP + href: napdef-csp.md + - name: NetworkProxy CSP + href: networkproxy-csp.md + items: + - name: NetworkProxy DDF file + href: networkproxy-ddf.md + - name: NetworkQoSPolicy CSP + href: networkqospolicy-csp.md + items: + - name: NetworkQoSPolicy DDF file + href: networkqospolicy-ddf.md + - name: NodeCache CSP + href: nodecache-csp.md + items: + - name: NodeCache DDF file + href: nodecache-ddf-file.md + - name: Office CSP + href: office-csp.md + items: + - name: Office DDF + href: office-ddf.md + - name: PassportForWork CSP + href: passportforwork-csp.md + items: + - name: PassportForWork DDF file + href: passportforwork-ddf.md + - name: PersonalDataEncryption CSP + href: personaldataencryption-csp.md + items: + - name: PersonalDataEncryption DDF file + href: personaldataencryption-ddf-file.md + - name: Personalization CSP + href: personalization-csp.md + items: + - name: Personalization DDF file + href: personalization-ddf.md + - name: Policy CSP + href: policy-configuration-service-provider.md + items: + - name: Policy CSP DDF file + href: policy-ddf-file.md + - name: Policies in Policy CSP supported by Group Policy + href: policies-in-policy-csp-supported-by-group-policy.md + - name: ADMX policies in Policy CSP + href: policies-in-policy-csp-admx-backed.md + - name: Policies in Policy CSP supported by HoloLens 2 + href: policies-in-policy-csp-supported-by-hololens2.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite + href: policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md + - name: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition + href: policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md + - name: Policies in Policy CSP supported by Windows 10 IoT Enterprise + href: ./configuration-service-provider-reference.md + - name: Policies in Policy CSP supported by Windows 10 IoT Core + href: policies-in-policy-csp-supported-by-iot-core.md + - name: Policies in Policy CSP supported by Microsoft Surface Hub + href: policies-in-policy-csp-supported-by-surface-hub.md + - name: Policy CSPs that can be set using Exchange Active Sync (EAS) + href: policies-in-policy-csp-that-can-be-set-using-eas.md + - name: AboveLock + href: policy-csp-abovelock.md + - name: Accounts + href: policy-csp-accounts.md + - name: ActiveXControls + href: policy-csp-activexcontrols.md + - name: ADMX_ActiveXInstallService + href: policy-csp-admx-activexinstallservice.md + - name: ADMX_AddRemovePrograms + href: policy-csp-admx-addremoveprograms.md + - name: ADMX_AdmPwd + href: policy-csp-admx-admpwd.md + - name: ADMX_AppCompat + href: policy-csp-admx-appcompat.md + - name: ADMX_AppxPackageManager + href: policy-csp-admx-appxpackagemanager.md + - name: ADMX_AppXRuntime + href: policy-csp-admx-appxruntime.md + - name: ADMX_AttachmentManager + href: policy-csp-admx-attachmentmanager.md + - name: ADMX_AuditSettings + href: policy-csp-admx-auditsettings.md + - name: ADMX_Bits + href: policy-csp-admx-bits.md + - name: ADMX_CipherSuiteOrder + href: policy-csp-admx-ciphersuiteorder.md + - name: ADMX_COM + href: policy-csp-admx-com.md + - name: ADMX_ControlPanel + href: policy-csp-admx-controlpanel.md + - name: ADMX_ControlPanelDisplay + href: policy-csp-admx-controlpaneldisplay.md + - name: ADMX_Cpls + href: policy-csp-admx-cpls.md + - name: ADMX_CredentialProviders + href: policy-csp-admx-credentialproviders.md + - name: ADMX_CredSsp + href: policy-csp-admx-credssp.md + - name: ADMX_CredUI + href: policy-csp-admx-credui.md + - name: ADMX_CtrlAltDel + href: policy-csp-admx-ctrlaltdel.md + - name: ADMX_DataCollection + href: policy-csp-admx-datacollection.md + - name: ADMX_DCOM + href: policy-csp-admx-dcom.md + - name: ADMX_Desktop + href: policy-csp-admx-desktop.md + - name: ADMX_DeviceCompat + href: policy-csp-admx-devicecompat.md + - name: ADMX_DeviceGuard + href: policy-csp-admx-deviceguard.md + - name: ADMX_DeviceInstallation + href: policy-csp-admx-deviceinstallation.md + - name: ADMX_DeviceSetup + href: policy-csp-admx-devicesetup.md + - name: ADMX_DFS + href: policy-csp-admx-dfs.md + - name: ADMX_DigitalLocker + href: policy-csp-admx-digitallocker.md + - name: ADMX_DiskDiagnostic + href: policy-csp-admx-diskdiagnostic.md + - name: ADMX_DistributedLinkTracking + href: policy-csp-admx-distributedlinktracking.md + - name: ADMX_DnsClient + href: policy-csp-admx-dnsclient.md + - name: ADMX_DWM + href: policy-csp-admx-dwm.md + - name: ADMX_EAIME + href: policy-csp-admx-eaime.md + - name: ADMX_EncryptFilesonMove + href: policy-csp-admx-encryptfilesonmove.md + - name: ADMX_EventLogging + href: policy-csp-admx-eventlogging.md + - name: ADMX_EnhancedStorage + href: policy-csp-admx-enhancedstorage.md + - name: ADMX_ErrorReporting + href: policy-csp-admx-errorreporting.md + - name: ADMX_EventForwarding + href: policy-csp-admx-eventforwarding.md + - name: ADMX_EventLog + href: policy-csp-admx-eventlog.md + - name: ADMX_EventViewer + href: policy-csp-admx-eventviewer.md + - name: ADMX_Explorer + href: policy-csp-admx-explorer.md + - name: ADMX_ExternalBoot + href: policy-csp-admx-externalboot.md + - name: ADMX_FileRecovery + href: policy-csp-admx-filerecovery.md + - name: ADMX_FileRevocation + href: policy-csp-admx-filerevocation.md + - name: ADMX_FileServerVSSProvider + href: policy-csp-admx-fileservervssprovider.md + - name: ADMX_FileSys + href: policy-csp-admx-filesys.md + - name: ADMX_FolderRedirection + href: policy-csp-admx-folderredirection.md + - name: ADMX_FramePanes + href: policy-csp-admx-framepanes.md + - name: ADMX_FTHSVC + href: policy-csp-admx-fthsvc.md + - name: ADMX_Globalization + href: policy-csp-admx-globalization.md + - name: ADMX_GroupPolicy + href: policy-csp-admx-grouppolicy.md + - name: ADMX_Help + href: policy-csp-admx-help.md + - name: ADMX_HelpAndSupport + href: policy-csp-admx-helpandsupport.md + - name: ADMX_HotSpotAuth + href: policy-csp-admx-hotspotauth.md + - name: ADMX_ICM + href: policy-csp-admx-icm.md + - name: ADMX_IIS + href: policy-csp-admx-iis.md + - name: ADMX_iSCSI + href: policy-csp-admx-iscsi.md + - name: ADMX_kdc + href: policy-csp-admx-kdc.md + - name: ADMX_Kerberos + href: policy-csp-admx-kerberos.md + - name: ADMX_LanmanServer + href: policy-csp-admx-lanmanserver.md + - name: ADMX_LanmanWorkstation + href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LeakDiagnostic + href: policy-csp-admx-leakdiagnostic.md + - name: ADMX_LinkLayerTopologyDiscovery + href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_LocationProviderAdm + href: policy-csp-admx-locationprovideradm.md + - name: ADMX_Logon + href: policy-csp-admx-logon.md + - name: ADMX_MicrosoftDefenderAntivirus + href: policy-csp-admx-microsoftdefenderantivirus.md + - name: ADMX_MMC + href: policy-csp-admx-mmc.md + - name: ADMX_MMCSnapins + href: policy-csp-admx-mmcsnapins.md + - name: ADMX_MobilePCMobilityCenter + href: policy-csp-admx-mobilepcmobilitycenter.md + - name: ADMX_MobilePCPresentationSettings + href: policy-csp-admx-mobilepcpresentationsettings.md + - name: ADMX_MSAPolicy + href: policy-csp-admx-msapolicy.md + - name: ADMX_msched + href: policy-csp-admx-msched.md + - name: ADMX_MSDT + href: policy-csp-admx-msdt.md + - name: ADMX_MSI + href: policy-csp-admx-msi.md + - name: ADMX_MsiFileRecovery + href: policy-csp-admx-msifilerecovery.md + - name: ADMX_nca + href: policy-csp-admx-nca.md + - name: ADMX_NCSI + href: policy-csp-admx-ncsi.md + - name: ADMX_Netlogon + href: policy-csp-admx-netlogon.md + - name: ADMX_NetworkConnections + href: policy-csp-admx-networkconnections.md + - name: ADMX_OfflineFiles + href: policy-csp-admx-offlinefiles.md + - name: ADMX_pca + href: policy-csp-admx-pca.md + - name: ADMX_PeerToPeerCaching + href: policy-csp-admx-peertopeercaching.md + - name: ADMX_PenTraining + href: policy-csp-admx-pentraining.md + - name: ADMX_PerformanceDiagnostics + href: policy-csp-admx-performancediagnostics.md + - name: ADMX_Power + href: policy-csp-admx-power.md + - name: ADMX_PowerShellExecutionPolicy + href: policy-csp-admx-powershellexecutionpolicy.md + - name: ADMX_PreviousVersions + href: policy-csp-admx-previousversions.md + - name: ADMX_Printing + href: policy-csp-admx-printing.md + - name: ADMX_Printing2 + href: policy-csp-admx-printing2.md + - name: ADMX_Programs + href: policy-csp-admx-programs.md + - name: ADMX_Reliability + href: policy-csp-admx-reliability.md + - name: ADMX_RemoteAssistance + href: policy-csp-admx-remoteassistance.md + - name: ADMX_RemovableStorage + href: policy-csp-admx-removablestorage.md + - name: ADMX_RPC + href: policy-csp-admx-rpc.md + - name: ADMX_Scripts + href: policy-csp-admx-scripts.md + - name: ADMX_sdiageng + href: policy-csp-admx-sdiageng.md + - name: ADMX_sdiagschd + href: policy-csp-admx-sdiagschd.md + - name: ADMX_Securitycenter + href: policy-csp-admx-securitycenter.md + - name: ADMX_Sensors + href: policy-csp-admx-sensors.md + - name: ADMX_ServerManager + href: policy-csp-admx-servermanager.md + - name: ADMX_Servicing + href: policy-csp-admx-servicing.md + - name: ADMX_SettingSync + href: policy-csp-admx-settingsync.md + - name: ADMX_SharedFolders + href: policy-csp-admx-sharedfolders.md + - name: ADMX_Sharing + href: policy-csp-admx-sharing.md + - name: ADMX_ShellCommandPromptRegEditTools + href: policy-csp-admx-shellcommandpromptregedittools.md + - name: ADMX_Smartcard + href: policy-csp-admx-smartcard.md + - name: ADMX_Snmp + href: policy-csp-admx-snmp.md + - name: ADMX_StartMenu + href: policy-csp-admx-startmenu.md + - name: ADMX_SystemRestore + href: policy-csp-admx-systemrestore.md + - name: ADMX_TabletShell + href: policy-csp-admx-tabletshell.md + - name: ADMX_Taskbar + href: policy-csp-admx-taskbar.md + - name: ADMX_tcpip + href: policy-csp-admx-tcpip.md + - name: ADMX_TerminalServer + href: policy-csp-admx-terminalserver.md + - name: ADMX_Thumbnails + href: policy-csp-admx-thumbnails.md + - name: ADMX_TouchInput + href: policy-csp-admx-touchinput.md + - name: ADMX_TPM + href: policy-csp-admx-tpm.md + - name: ADMX_UserExperienceVirtualization + href: policy-csp-admx-userexperiencevirtualization.md + - name: ADMX_UserProfiles + href: policy-csp-admx-userprofiles.md + - name: ADMX_W32Time + href: policy-csp-admx-w32time.md + - name: ADMX_WCM + href: policy-csp-admx-wcm.md + - name: ADMX_WDI + href: policy-csp-admx-wdi.md + - name: ADMX_WinCal + href: policy-csp-admx-wincal.md + - name: ADMX_WindowsConnectNow + href: policy-csp-admx-windowsconnectnow.md + - name: ADMX_WindowsExplorer + href: policy-csp-admx-windowsexplorer.md + - name: ADMX_WindowsMediaDRM + href: policy-csp-admx-windowsmediadrm.md + - name: ADMX_WindowsMediaPlayer + href: policy-csp-admx-windowsmediaplayer.md + - name: ADMX_WindowsRemoteManagement + href: policy-csp-admx-windowsremotemanagement.md + - name: ADMX_WindowsStore + href: policy-csp-admx-windowsstore.md + - name: ADMX_WinInit + href: policy-csp-admx-wininit.md + - name: ADMX_WinLogon + href: policy-csp-admx-winlogon.md + - name: ADMX-Winsrv + href: policy-csp-admx-winsrv.md + - name: ADMX_wlansvc + href: policy-csp-admx-wlansvc.md + - name: ADMX_WordWheel + href: policy-csp-admx-wordwheel.md + - name: ADMX_WorkFoldersClient + href: policy-csp-admx-workfoldersclient.md + - name: ADMX_WPN + href: policy-csp-admx-wpn.md + - name: ApplicationDefaults + href: policy-csp-applicationdefaults.md + - name: ApplicationManagement + href: policy-csp-applicationmanagement.md + - name: AppRuntime + href: policy-csp-appruntime.md + - name: AppVirtualization + href: policy-csp-appvirtualization.md + - name: AttachmentManager + href: policy-csp-attachmentmanager.md + - name: Audit + href: policy-csp-audit.md + - name: Authentication + href: policy-csp-authentication.md + - name: Autoplay + href: policy-csp-autoplay.md + - name: BitLocker + href: policy-csp-bitlocker.md + - name: BITS + href: policy-csp-bits.md + - name: Bluetooth + href: policy-csp-bluetooth.md + - name: Browser + href: policy-csp-browser.md + - name: Camera + href: policy-csp-camera.md + - name: Cellular + href: policy-csp-cellular.md + - name: Connectivity + href: policy-csp-connectivity.md + - name: ControlPolicyConflict + href: policy-csp-controlpolicyconflict.md + - name: CredentialsDelegation + href: policy-csp-credentialsdelegation.md + - name: CredentialProviders + href: policy-csp-credentialproviders.md + - name: CredentialsUI + href: policy-csp-credentialsui.md + - name: Cryptography + href: policy-csp-cryptography.md + - name: DataProtection + href: policy-csp-dataprotection.md + - name: DataUsage + href: policy-csp-datausage.md + - name: Defender + href: policy-csp-defender.md + - name: DeliveryOptimization + href: policy-csp-deliveryoptimization.md + - name: Desktop + href: policy-csp-desktop.md + - name: DeviceGuard + href: policy-csp-deviceguard.md + - name: DeviceHealthMonitoring + href: policy-csp-devicehealthmonitoring.md + - name: DeviceInstallation + href: policy-csp-deviceinstallation.md + - name: DeviceLock + href: policy-csp-devicelock.md + - name: Display + href: policy-csp-display.md + - name: DmaGuard + href: policy-csp-dmaguard.md + - name: EAP + href: policy-csp-eap.md + - name: Education + href: policy-csp-education.md + - name: EnterpriseCloudPrint + href: policy-csp-enterprisecloudprint.md + - name: ErrorReporting + href: policy-csp-errorreporting.md + - name: EventLogService + href: policy-csp-eventlogservice.md + - name: Experience + href: policy-csp-experience.md + - name: ExploitGuard + href: policy-csp-exploitguard.md + - name: Feeds + href: policy-csp-feeds.md + - name: FileExplorer + href: policy-csp-fileexplorer.md + - name: Games + href: policy-csp-games.md + - name: Handwriting + href: policy-csp-handwriting.md + - name: HumanPresence + href: policy-csp-humanpresence.md + - name: InternetExplorer + href: policy-csp-internetexplorer.md + - name: Kerberos + href: policy-csp-kerberos.md + - name: KioskBrowser + href: policy-csp-kioskbrowser.md + - name: LanmanWorkstation + href: policy-csp-lanmanworkstation.md + - name: Licensing + href: policy-csp-licensing.md + - name: LocalPoliciesSecurityOptions + href: policy-csp-localpoliciessecurityoptions.md + - name: LocalUsersAndGroups + href: policy-csp-localusersandgroups.md + - name: LockDown + href: policy-csp-lockdown.md + - name: Maps + href: policy-csp-maps.md + - name: MemoryDump + href: policy-csp-memorydump.md + - name: Messaging + href: policy-csp-messaging.md + - name: MixedReality + href: policy-csp-mixedreality.md + - name: MSSecurityGuide + href: policy-csp-mssecurityguide.md + - name: MSSLegacy + href: policy-csp-msslegacy.md + - name: Multitasking + href: policy-csp-multitasking.md + - name: NetworkIsolation + href: policy-csp-networkisolation.md + - name: NetworkListManager + href: policy-csp-networklistmanager.md + - name: NewsAndInterests + href: policy-csp-newsandinterests.md + - name: Notifications + href: policy-csp-notifications.md + - name: Power + href: policy-csp-power.md + - name: Printers + href: policy-csp-printers.md + - name: Privacy + href: policy-csp-privacy.md + - name: RemoteAssistance + href: policy-csp-remoteassistance.md + - name: RemoteDesktop + href: policy-csp-remotedesktop.md + - name: RemoteDesktopServices + href: policy-csp-remotedesktopservices.md + - name: RemoteManagement + href: policy-csp-remotemanagement.md + - name: RemoteProcedureCall + href: policy-csp-remoteprocedurecall.md + - name: RemoteShell + href: policy-csp-remoteshell.md + - name: RestrictedGroups + href: policy-csp-restrictedgroups.md + - name: Search + href: policy-csp-search.md + - name: Security + href: policy-csp-security.md + - name: ServiceControlManager + href: policy-csp-servicecontrolmanager.md + - name: Settings + href: policy-csp-settings.md + - name: Speech + href: policy-csp-speech.md + - name: Start + href: policy-csp-start.md + - name: Storage + href: policy-csp-storage.md + - name: System + href: policy-csp-system.md + - name: SystemServices + href: policy-csp-systemservices.md + - name: TaskManager + href: policy-csp-taskmanager.md + - name: TaskScheduler + href: policy-csp-taskscheduler.md + - name: TextInput + href: policy-csp-textinput.md + - name: TimeLanguageSettings + href: policy-csp-timelanguagesettings.md + - name: Troubleshooting + href: policy-csp-troubleshooting.md + - name: Update + href: policy-csp-update.md + - name: UserRights + href: policy-csp-userrights.md + - name: VirtualizationBasedTechnology + href: policy-csp-virtualizationbasedtechnology.md + - name: Wifi + href: policy-csp-wifi.md + - name: WindowsAutoPilot + href: policy-csp-windowsautopilot.md + - name: WindowsConnectionManager + href: policy-csp-windowsconnectionmanager.md + - name: WindowsDefenderSecurityCenter + href: policy-csp-windowsdefendersecuritycenter.md + - name: WindowsDefenderSmartScreen + href: policy-csp-smartscreen.md + - name: WindowsInkWorkspace + href: policy-csp-windowsinkworkspace.md + - name: WindowsLogon + href: policy-csp-windowslogon.md + - name: WindowsPowerShell + href: policy-csp-windowspowershell.md + - name: WindowsSandbox + href: policy-csp-windowssandbox.md + - name: WirelessDisplay + href: policy-csp-wirelessdisplay.md + - name: Provisioning CSP + href: provisioning-csp.md + - name: PXLOGICAL CSP + href: pxlogical-csp.md + - name: Reboot CSP + href: reboot-csp.md + items: + - name: Reboot DDF file + href: reboot-ddf-file.md + - name: RemoteFind CSP + href: remotefind-csp.md + items: + - name: RemoteFind DDF file + href: remotefind-ddf-file.md + - name: RemoteWipe CSP + href: remotewipe-csp.md + items: + - name: RemoteWipe DDF file + href: remotewipe-ddf-file.md + - name: Reporting CSP + href: reporting-csp.md + items: + - name: Reporting DDF file + href: reporting-ddf-file.md + - name: RootCATrustedCertificates CSP + href: rootcacertificates-csp.md + items: + - name: RootCATrustedCertificates DDF file + href: rootcacertificates-ddf-file.md + - name: SecureAssessment CSP + href: secureassessment-csp.md + items: + - name: SecureAssessment DDF file + href: secureassessment-ddf-file.md + - name: SecurityPolicy CSP + href: securitypolicy-csp.md + - name: SharedPC CSP + href: sharedpc-csp.md + items: + - name: SharedPC DDF file + href: sharedpc-ddf-file.md + - name: Storage CSP + href: storage-csp.md + items: + - name: Storage DDF file + href: storage-ddf-file.md + - name: SUPL CSP + href: supl-csp.md + items: + - name: SUPL DDF file + href: supl-ddf-file.md + - name: SurfaceHub CSP + href: surfacehub-csp.md + items: + - name: SurfaceHub DDF file + href: surfacehub-ddf-file.md + - name: TenantLockdown CSP + href: tenantlockdown-csp.md + items: + - name: TenantLockdown DDF file + href: tenantlockdown-ddf.md + - name: TPMPolicy CSP + href: tpmpolicy-csp.md + items: + - name: TPMPolicy DDF file + href: tpmpolicy-ddf-file.md + - name: UEFI CSP + href: uefi-csp.md + items: + - name: UEFI DDF file + href: uefi-ddf.md + - name: UnifiedWriteFilter CSP + href: unifiedwritefilter-csp.md + items: + - name: UnifiedWriteFilter DDF file + href: unifiedwritefilter-ddf.md + - name: UniversalPrint CSP + href: universalprint-csp.md + items: + - name: UniversalPrint DDF file + href: universalprint-ddf-file.md + - name: Update CSP + href: update-csp.md + items: + - name: Update DDF file + href: update-ddf-file.md + - name: VPN CSP + href: vpn-csp.md + items: + - name: VPN DDF file + href: vpn-ddf-file.md + - name: VPNv2 CSP + href: vpnv2-csp.md + items: + - name: VPNv2 DDF file + href: vpnv2-ddf-file.md + - name: ProfileXML XSD + href: vpnv2-profile-xsd.md + - name: EAP configuration + href: eap-configuration.md + - name: w4 APPLICATION CSP + href: w4-application-csp.md + - name: w7 APPLICATION CSP + href: w7-application-csp.md + - name: WiFi CSP + href: wifi-csp.md + items: + - name: WiFi DDF file + href: wifi-ddf-file.md + - name: Win32AppInventory CSP + href: win32appinventory-csp.md + items: + - name: Win32AppInventory DDF file + href: win32appinventory-ddf-file.md + - name: Win32CompatibilityAppraiser CSP + href: win32compatibilityappraiser-csp.md + items: + - name: Win32CompatibilityAppraiser DDF file + href: win32compatibilityappraiser-ddf.md + - name: WindowsAdvancedThreatProtection CSP + href: windowsadvancedthreatprotection-csp.md + items: + - name: WindowsAdvancedThreatProtection DDF file + href: windowsadvancedthreatprotection-ddf.md + - name: WindowsAutopilot CSP + href: windowsautopilot-csp.md + items: + - name: WindowsAutopilot DDF file + href: windowsautopilot-ddf-file.md + - name: WindowsDefenderApplicationGuard CSP + href: windowsdefenderapplicationguard-csp.md + items: + - name: WindowsDefenderApplicationGuard DDF file + href: windowsdefenderapplicationguard-ddf-file.md + - name: WindowsLicensing CSP + href: windowslicensing-csp.md + items: + - name: WindowsLicensing DDF file + href: windowslicensing-ddf-file.md + - name: WiredNetwork CSP + href: wirednetwork-csp.md + items: + - name: WiredNetwork DDF file + href: wirednetwork-ddf-file.md From 882ac0ab0aad4317570fe4fc4d39e3ff718aaa8c Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 12 Sep 2022 10:06:40 -0400 Subject: [PATCH 22/23] Update toc.yml --- windows/client-management/mdm/toc.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index ca5fc61494..813ff6e424 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -690,6 +690,8 @@ items: href: policy-csp-deliveryoptimization.md - name: Desktop href: policy-csp-desktop.md + - name: DesktopAppInstaller + href: policy-csp-desktopappinstaller.md - name: DeviceGuard href: policy-csp-deviceguard.md - name: DeviceHealthMonitoring @@ -738,6 +740,8 @@ items: href: policy-csp-licensing.md - name: LocalPoliciesSecurityOptions href: policy-csp-localpoliciessecurityoptions.md + - name: LocalSecurityAuthority + href: policy-csp-lsa.md - name: LocalUsersAndGroups href: policy-csp-localusersandgroups.md - name: LockDown @@ -818,6 +822,8 @@ items: href: policy-csp-userrights.md - name: VirtualizationBasedTechnology href: policy-csp-virtualizationbasedtechnology.md + - name: WebThreatDefense + href: policy-csp-webthreatdefense.md - name: Wifi href: policy-csp-wifi.md - name: WindowsAutoPilot From 816e2f2b611db653206d54a0d665818db21a733c Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 12 Sep 2022 19:47:06 +0530 Subject: [PATCH 23/23] Update personaldataencryption-csp.md --- .../mdm/personaldataencryption-csp.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md index b21b26bd08..03e2b0f21b 100644 --- a/windows/client-management/mdm/personaldataencryption-csp.md +++ b/windows/client-management/mdm/personaldataencryption-csp.md @@ -1,29 +1,32 @@ --- title: PersonalDataEncryption CSP description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. -ms.author: dansimp +ms.author: v-nsatapathy ms.topic: article ms.prod: w10 ms.technology: windows -author: dansimp +author: nimishasatapathy ms.localizationpriority: medium -ms.date: 02/04/2022 +ms.date: 09/12/2022 ms.reviewer: manager: dansimp ms.collection: highpri --- + # PersonalDataEncryption CSP The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP is supported in Windows 11. The following shows the PersonalDataEncryption configuration service provider in tree format: -```./User/Vendor/MSFT/PDE +``` +./User/Vendor/MSFT/PDE -- EnablePersonalDataEncryption -- Status -------- PersonalDataEncryptionStatus ``` + **EnablePersonalDataEncryption**: - 0 is default (disabled) - 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).