deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'MicrosoftDocs:release-win11-22h2' into release-win11-22h2

Browse Source
This commit is contained in:
zwhitt-microsoft 2022-09-12 08:41:13 -07:00 committed by GitHub
commit 372eaa1d79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 1117 additions and 850 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
education/windows/take-a-test-multiple-pcs.md
View File

@ -15,6 +15,8 @@ ms.reviewer:
manager: aaroncz
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows 11 SE</b>
---
# Set up Take a Test on multiple PCs
@ -271,7 +273,7 @@ This assessment URL uses our lockdown API:
## Related topics
[Take tests in Windows 10](take-tests-in-windows-10.md)
[Take tests in Windows](take-tests-in-windows-10.md)
[Set up Take a Test on a single PC](take-a-test-single-pc.md)

6
education/windows/take-a-test-single-pc.md
View File

@ -15,6 +15,8 @@ ms.reviewer:
manager: aaroncz
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows 11 SE</b>
---
# Set up Take a Test on a single PC
@ -23,7 +25,7 @@ To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow t
## Set up a dedicated test account
To configure the assessment URL and a dedicated testing account on a single PC, follow these steps.
1. Sign into the Windows 10 device with an administrator account.
1. Sign into the Windows device with an administrator account.
2. Open the **Settings** app and go to **Accounts > Access work or school**.
3. Click **Set up an account for taking tests**.
@ -127,7 +129,7 @@ Once the shortcut is created, you can copy it and distribute it to students.
## Related topics
[Take tests in Windows 10](take-tests-in-windows-10.md)
[Take tests in Windows](take-tests-in-windows-10.md)
[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)

7
windows/client-management/mdm/devicestatus-csp.md
View File

@ -71,6 +71,8 @@ DeviceStatus
--------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus
----CertAttestation
--------MDMClientCertAttestation
```
<a href="" id="devicestatus"></a>**DeviceStatus**
@ -363,6 +365,11 @@ Added in Windows, version 1709. Local System Authority (LSA) credential guard s
Supported operation is Get.
<a href="" id="devicestatus-certattestation-mdmclientcertattestation"></a>**DeviceStatus/CertAttestation/MDMClientCertAttestation**
Added in Windows 11, version 22H2. MDM Certificate attestation information. This will return an XML blob containing the relevant attestation fields.
Supported operation is Get.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)

1564
windows/client-management/mdm/devicestatus-ddf.md
View File

File diff suppressed because it is too large Load Diff

47
windows/client-management/mdm/personaldataencryption-csp.md Normal file
View File

@ -0,0 +1,47 @@
---
title: PersonalDataEncryption CSP
description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/12/2022
ms.reviewer:
manager: dansimp
ms.collection: highpri
---
# PersonalDataEncryption CSP
The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP is supported in Windows 11.
The following shows the PersonalDataEncryption configuration service provider in tree format:
```
./User/Vendor/MSFT/PDE
-- EnablePersonalDataEncryption
-- Status
-------- PersonalDataEncryptionStatus
```
**EnablePersonalDataEncryption**:
- 0 is default (disabled)
- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for the PDE to be enabled.
**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the report will be 0. If all prerequisites are met for PDE, then PDE will be enabled and this will report 1.
> [!Note]
> The policy is only applicable on Enterprise and Education SKUs.
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Business|No|No|
|Enterprise|No|Yes|
|Education|No|Yes|

127
windows/client-management/mdm/personaldataencryption-ddf-file.md Normal file
View File

@ -0,0 +1,127 @@
---
title: PersonalDataEncryption DDF file
description: Learn about the OMA DM device description framework (DDF) for the PersonalDataEncryption configuration service provider.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/10/2022
ms.reviewer:
manager: dansimp
---
# PersonalDataEncryption DDF file
This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>PDE</NodeName>
<Path>./User/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>EnablePersonalDataEncryption</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME />
</DFType>
<MSFT:AllowedValues ValueType="ENUM">
<MSFT:Enum>
<MSFT:Value>0</MSFT:Value>
<MSFT:ValueDescription>Disable Personal Data Encryption.</MSFT:ValueDescription>
</MSFT:Enum>
<MSFT:Enum>
<MSFT:Value>1</MSFT:Value>
<MSFT:ValueDescription>Enable Personal Data Encryption.</MSFT:ValueDescription>
</MSFT:Enum>
</MSFT:AllowedValues>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName />
</DFType>
</DFProperties>
<Node>
<NodeName>PersonalDataEncryptionStatus</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```

8
windows/client-management/mdm/sharedpc-csp.md
View File

@ -31,6 +31,7 @@ The following example shows the SharedPC configuration service provider manageme
./Vendor/MSFT
SharedPC
----EnableSharedPCMode
----EnableSharedPCModeWithOneDriveSync
----SetEduPolicies
----SetPowerPolicies
----MaintenanceStartTime
@ -61,6 +62,13 @@ Setting this value to True triggers the action to configure a device to Shared P
The default value is Not Configured and SharedPC mode is not enabled.
<a href="" id="enablesharedpcmodewithonedrivesync"></a>**EnableSharedPCModeWithOneDriveSync**
Setting this node to true triggers the action to configure a device to Shared PC mode with OneDrive sync turned on.
The supported operations are Add, Get, Replace, and Delete.
The default value is false.
<a href="" id="setedupolicies"></a>**SetEduPolicies**
A boolean value that specifies whether the policies for education environment are enabled. Setting this value to true triggers the action to configure a device as education environment.

26
windows/client-management/mdm/sharedpc-ddf-file.md
View File

@ -70,6 +70,32 @@ The XML below is the DDF for Windows 10, version 1703.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>EnableSharedPCModeWithOneDriveSync</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Setting this node to “1” triggers the action to configure a device to Shared PC mode with OneDrive sync turned on</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Enable Shared PC mode with OneDrive sync</DFTitle>
<DFType>
<MIME />
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>SetEduPolicies</NodeName>
<DFProperties>

5
windows/client-management/mdm/toc.yml
View File

@ -333,6 +333,11 @@ items:
items:
- name: PassportForWork DDF file
href: passportforwork-ddf.md
- name: PersonalDataEncryption CSP
href: personaldataencryption-csp.md
items:
- name: PersonalDataEncryption DDF file
href: personaldataencryption-ddf-file.md
- name: Personalization CSP
href: personalization-csp.md
items:

2
windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
View File

@ -20,7 +20,7 @@ Windows Autopatch is a cloud service for enterprise customers designed to keep e
Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources.
The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. The service also uses these Microsoft services to enable Windows Autopatch to provide IT as a Service (ITaaS) capabilities:
The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.
| Data source | Purpose |
| ------ | ------ |

1
windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
View File

@ -100,6 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
| 0x801C03F1 | There is no UPN in the token. |
| 0x801C044C | There is no core window for the current thread. |
| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. |
| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall generated this response. |
## Related topics